Skip to content
This repository was archived by the owner on May 28, 2021. It is now read-only.

Commit 2a251f7

Browse files
prydieprydie
authored
Fix Events RBAC (#143)
1 parent 4c54192 commit 2a251f7

File tree

2 files changed

+63
-72
lines changed

2 files changed

+63
-72
lines changed

contrib/manifests/rbac.yaml

Lines changed: 32 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -16,38 +16,36 @@ kind: Role
1616
metadata:
1717
name: mysql-operator
1818
rules:
19-
- apiGroups:
20-
- ""
21-
resources:
22-
- pods
19+
- apiGroups: [""]
20+
resources: ["pods"]
2321
verbs:
2422
- get
2523
- list
2624
- patch
2725
- update
2826
- watch
2927

30-
- apiGroups:
31-
- ""
32-
resources:
33-
- secrets
34-
verbs:
35-
- create
28+
- apiGroups: [""]
29+
resources: ["secrets"]
30+
verbs: ["create"]
3631

37-
- apiGroups:
38-
- ""
39-
resources:
40-
- services
32+
- apiGroups: [""]
33+
resources: ["services"]
4134
verbs:
4235
- create
4336
- get
4437
- list
4538
- watch
4639

47-
- apiGroups:
48-
- apps
49-
resources:
50-
- statefulsets
40+
- apiGroups: [""]
41+
resources: ["events"]
42+
verbs:
43+
- create
44+
- update
45+
- patch
46+
47+
- apiGroups: ["apps"]
48+
resources: ["statefulsets"]
5149
verbs:
5250
- create
5351
- get
@@ -56,8 +54,7 @@ rules:
5654
- update
5755
- watch
5856

59-
- apiGroups:
60-
- mysql.oracle.com
57+
- apiGroups: ["mysql.oracle.com"]
6158
resources:
6259
- mysqlbackups
6360
- mysqlbackupschedules
@@ -70,39 +67,37 @@ rules:
7067
- update
7168
- watch
7269

73-
- apiGroups:
74-
- mysql.oracle.com
75-
resources:
76-
- mysqlbackups
77-
verbs:
78-
- create
70+
- apiGroups: ["mysql.oracle.com"]
71+
resources: ["mysqlbackups"]
72+
verbs: ["create"]
7973

8074
---
8175
apiVersion: rbac.authorization.k8s.io/v1beta1
8276
kind: ClusterRole
8377
metadata:
8478
name: mysql-agent
8579
rules:
86-
- apiGroups:
87-
- ""
88-
resources:
89-
- pods
80+
- apiGroups: [""]
81+
resources: ["pods"]
9082
verbs:
9183
- get
9284
- list
9385
- patch
9486
- update
9587
- watch
9688

97-
- apiGroups:
98-
- ""
99-
resources:
100-
- secrets
89+
- apiGroups: [""]
90+
resources: ["secrets"]
91+
verbs: ["get"]
92+
93+
- apiGroups: [""]
94+
resources: ["events"]
10195
verbs:
102-
- get
96+
- create
97+
- update
98+
- patch
10399

104-
- apiGroups:
105-
- mysql.oracle.com
100+
- apiGroups: ["mysql.oracle.com"]
106101
resources:
107102
- mysqlbackups
108103
- mysqlbackupschedules

mysql-operator/templates/02-rbac.yaml

Lines changed: 31 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -20,26 +20,20 @@ metadata:
2020
name: mysql-operator{{ if .Values.operator.global }}{{ else}}
2121
namespace: {{ .Values.operator.namespace}}{{ end }}
2222
rules:
23-
- apiGroups:
24-
- ""
25-
resources:
26-
- pods
23+
- apiGroups: [""]
24+
resources: ["pods"]
2725
verbs:
2826
- get
2927
- list
3028
- patch
3129
- update
3230
- watch
3331

34-
- apiGroups:
35-
- ""
36-
resources:
37-
- secrets
38-
verbs:
39-
- create
32+
- apiGroups: [""]
33+
resources: ["secrets"]
34+
verbs: ["create"]
4035

41-
- apiGroups:
42-
- ""
36+
- apiGroups: [""]
4337
resources:
4438
- services
4539
{{- if hasPrefix "0.1" .Values.image.tag }}
@@ -51,10 +45,15 @@ rules:
5145
- list
5246
- watch
5347

54-
- apiGroups:
55-
- apps
56-
resources:
57-
- statefulsets
48+
- apiGroups: [""]
49+
resources: ["events"]
50+
verbs:
51+
- create
52+
- update
53+
- patch
54+
55+
- apiGroups: ["apps"]
56+
resources: ["statefulsets"]
5857
verbs:
5958
- create
6059
- get
@@ -63,8 +62,7 @@ rules:
6362
- update
6463
- watch
6564

66-
- apiGroups:
67-
- mysql.oracle.com
65+
- apiGroups: ["mysql.oracle.com"]
6866
resources:
6967
- mysqlbackups
7068
- mysqlbackupschedules
@@ -77,12 +75,9 @@ rules:
7775
- update
7876
- watch
7977

80-
- apiGroups:
81-
- mysql.oracle.com
82-
resources:
83-
- mysqlbackups
84-
verbs:
85-
- create
78+
- apiGroups: ["mysql.oracle.com"]
79+
resources: ["mysqlbackups"]
80+
verbs: ["create"]
8681

8782
---
8883
apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -91,26 +86,27 @@ metadata:
9186
name: mysql-agent{{ if .Values.operator.global }}{{ else}}
9287
namespace: {{ .Values.operator.namespace}}{{ end }}
9388
rules:
94-
- apiGroups:
95-
- ""
96-
resources:
97-
- pods
89+
- apiGroups: [""]
90+
resources: ["pods"]
9891
verbs:
9992
- get
10093
- list
10194
- patch
10295
- update
10396
- watch
10497

105-
- apiGroups:
106-
- ""
107-
resources:
108-
- secrets
98+
- apiGroups: [""]
99+
resources: ["secrets"]
100+
verbs: ["get"]
101+
102+
- apiGroups: [""]
103+
resources: ["events"]
109104
verbs:
110-
- get
105+
- create
106+
- update
107+
- patch
111108

112-
- apiGroups:
113-
- mysql.oracle.com
109+
- apiGroups: ["mysql.oracle.com"]
114110
resources:
115111
- mysqlbackups
116112
- mysqlbackupschedules

0 commit comments

Comments
 (0)