Skip to content

Commit b5ced54

Browse files
achetronicsebastocorp
achetronic
and
sebastocorp
committed
fix: Include missing permissions in both controllers
Co-Authored-By: Sebastián Vargas <sebastian.varbel@gmail.com>
1 parent 092dbaa commit b5ced54

File tree

3 files changed

+6
-2
lines changed

3 files changed

+6
-2
lines changed

config/rbac/role.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,8 +82,10 @@ rules:
8282
resources:
8383
- clusterroles
8484
verbs:
85+
- bind
8586
- create
8687
- delete
88+
- escalate
8789
- get
8890
- list
8991
- patch
@@ -94,8 +96,10 @@ rules:
9496
resources:
9597
- rolebindings
9698
verbs:
99+
- bind
97100
- create
98101
- delete
102+
- escalate
99103
- get
100104
- list
101105
- patch

internal/controller/dynamicclusterrole_controller.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ type DynamicClusterRoleReconciler struct {
4545
// +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicclusterroles,verbs=get;list;watch;create;update;patch;delete
4646
// +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicclusterroles/status,verbs=get;update;patch
4747
// +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicclusterroles/finalizers,verbs=update
48-
// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles,verbs=get;list;watch;create;update;patch;delete
48+
// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles,verbs=get;list;watch;create;update;patch;delete;bind;escalate
4949
// +kubebuilder:rbac:groups="*",resources="*",verbs=get;list
5050

5151
// Reconcile is part of the main kubernetes reconciliation loop which aims to

internal/controller/dynamicrolebinding_controller.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ type DynamicRoleBindingReconciler struct {
4545
// +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicrolebindings,verbs=get;list;watch;create;update;patch;delete
4646
// +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicrolebindings/status,verbs=get;update;patch
4747
// +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicrolebindings/finalizers,verbs=update
48-
// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update;patch;delete
48+
// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update;patch;delete;bind;escalate
4949
// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list
5050
// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list
5151

0 commit comments

Comments
 (0)