From e293957ee120f0333d4b7fbad9b1856cdeee6d5d Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Mon, 20 May 2019 12:30:13 -0400 Subject: [PATCH] Update RBAC from upstream docs. The cluster-api project has docs that describe how to build a provider. This patch syncs some recent changes to their documented RBAC. https://github.com/kubernetes-sigs/cluster-api/pull/947 --- config/rbac/rbac_role.yaml | 8 +------- pkg/cloud/baremetal/actuators/machine/actuator.go | 4 ++-- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/config/rbac/rbac_role.yaml b/config/rbac/rbac_role.yaml index 39422b64a..580337def 100644 --- a/config/rbac/rbac_role.yaml +++ b/config/rbac/rbac_role.yaml @@ -9,11 +9,6 @@ rules: resources: - machines - machines/status - - machinedeployments - - machinedeployments/status - - machinesets - - machinesets/status - - machineclasses verbs: - get - list @@ -25,8 +20,7 @@ rules: - apiGroups: - cluster.k8s.io resources: - - clusters - - clusters/status + - machineClasses verbs: - get - list diff --git a/pkg/cloud/baremetal/actuators/machine/actuator.go b/pkg/cloud/baremetal/actuators/machine/actuator.go index 1f94e59c4..f092c556d 100644 --- a/pkg/cloud/baremetal/actuators/machine/actuator.go +++ b/pkg/cloud/baremetal/actuators/machine/actuator.go @@ -46,8 +46,8 @@ const ( ) // Add RBAC rules to access cluster-api resources -//+kubebuilder:rbac:groups=cluster.k8s.io,resources=machines;machines/status;machinedeployments;machinedeployments/status;machinesets;machinesets/status;machineclasses,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status,verbs=get;list;watch +//+kubebuilder:rbac:groups=cluster.k8s.io,resources=machines;machines/status,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=cluster.k8s.io,resources=machineClasses,verbs=get;list;watch //+kubebuilder:rbac:groups="",resources=nodes;events,verbs=get;list;watch;create;update;patch;delete // RBAC to access BareMetalHost resources from metal3.io