Skip to content

Commit

Permalink
disable clusterrole
Browse files Browse the repository at this point in the history
  • Loading branch information
dustinblack committed Sep 9, 2023
1 parent 70b892e commit df6557e
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 29 deletions.
1 change: 1 addition & 0 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ rules:
- apiGroups:
- security.openshift.io
resourceNames:
- anyuid
- nonroot
resources:
- securitycontextconstraints
Expand Down
48 changes: 24 additions & 24 deletions controllers/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ import (
hyperfoilv1alpha1 "github.com/Hyperfoil/horreum-operator/api/v1alpha1"
routev1 "github.com/openshift/api/route/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
// rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand Down Expand Up @@ -266,29 +266,29 @@ func appServiceAccount(cr *hyperfoilv1alpha1.Horreum) *corev1.ServiceAccount {
}
}

func appClusterRole(cr *hyperfoilv1alpha1.Horreum) *rbacv1.ClusterRole {
return &rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: "horreum-init-cluster-role",
},
Rules: []rbacv1.PolicyRule{
{
APIGroups: []string{
"security.openshift.io",
},
ResourceNames: []string{
"anyuid",
},
Resources: []string{
"securitycontextconstraints",
},
Verbs: []string{
"use",
},
},
},
}
}
// func appClusterRole(cr *hyperfoilv1alpha1.Horreum) *rbacv1.ClusterRole {
// return &rbacv1.ClusterRole{
// ObjectMeta: metav1.ObjectMeta{
// Name: "horreum-init-cluster-role",
// },
// Rules: []rbacv1.PolicyRule{
// {
// APIGroups: []string{
// "security.openshift.io",
// },
// ResourceNames: []string{
// "anyuid",
// },
// Resources: []string{
// "securitycontextconstraints",
// },
// Verbs: []string{
// "use",
// },
// },
// },
// }
// }

// func appClusterRoleBinding(cr *hyperfoilv1alpha1.Horreum) *rbacv1.ClusterRoleBinding {
// return &rbacv1.ClusterRoleBinding{
Expand Down
10 changes: 5 additions & 5 deletions controllers/horreum_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ import (

routev1 "github.com/openshift/api/route/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
// rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/equality"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -298,10 +298,10 @@ func (r *HorreumReconciler) Reconcile(ctx context.Context, request ctrl.Request)
if err := ensureSame(r, cr, logger, appServiceAccount, &corev1.ServiceAccount{}, nocompare, nocheck); err != nil {
return reconcile.Result{}, err
}
appClusterRole := appClusterRole(cr)
if err := ensureSame(r, cr, logger, appClusterRole, &rbacv1.ClusterRole{}, nocompare, nocheck); err != nil {
return reconcile.Result{}, err
}
// appClusterRole := appClusterRole(cr)
// if err := ensureSame(r, cr, logger, appClusterRole, &rbacv1.ClusterRole{}, nocompare, nocheck); err != nil {
// return reconcile.Result{}, err
// }
// appClusterRoleBinding := appClusterRoleBinding(cr)
// if err := ensureSame(r, cr, logger, appClusterRoleBinding, &rbacv1.ClusterRoleBinding{}, nocompare, nocheck); err != nil {
// return reconcile.Result{}, err
Expand Down

0 comments on commit df6557e

Please sign in to comment.