From a4d534fce7b5b586cdceaa308afe99cf13a7c5ac Mon Sep 17 00:00:00 2001 From: Giovanni Liva Date: Thu, 23 Mar 2023 11:25:50 +0100 Subject: [PATCH] chore(operator): read-only RBAC for KeptnConfig Signed-off-by: Giovanni Liva --- operator/config/rbac/role.yaml | 11 ----------- .../controllers/options/keptnconfig_controller.go | 5 ++--- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index 48089640a36..592ecca5e30 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -323,23 +323,12 @@ rules: - keptnconfigs verbs: - create - - delete - get - list - - patch - - update - watch -- apiGroups: - - options.keptn.sh - resources: - - keptnconfigs/finalizers - verbs: - - update - apiGroups: - options.keptn.sh resources: - keptnconfigs/status verbs: - get - - patch - - update diff --git a/operator/controllers/options/keptnconfig_controller.go b/operator/controllers/options/keptnconfig_controller.go index 404eda5c2c3..7caf76fa054 100644 --- a/operator/controllers/options/keptnconfig_controller.go +++ b/operator/controllers/options/keptnconfig_controller.go @@ -40,9 +40,8 @@ type KeptnConfigReconciler struct { LastAppliedSpec *optionsv1alpha1.KeptnConfigSpec } -// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs/finalizers,verbs=update +// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs,verbs=get;list;watch;create +// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs/status,verbs=get // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.