Remove secret create restriction by resourcenames (#529)

* Removed restriction by resourcenames * Moved permissions from clusterrole to role * Moved permissions from clusterrole to role * Update statefulset.yaml * Update statefulset.yaml * Update statefulset.yaml * Added list permission for secret at cluster level * removed list secret * review changes * review changes --------- Co-authored-by: Jooseppi Luna <jooseppi_luna@dell.com>
dell · Mar 19, 2024 · 7520e8a · 7520e8a
1 parent 2460374
commit 7520e8a
Showing 1 changed file with 22 additions and 17 deletions.
diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml
@@ -42,7 +42,7 @@ rules:
     verbs: ["list", "watch"]
   - apiGroups: [""]
     resources: ["namespaces"]
-    verbs: ["get", "list", "watch", "create"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
     verbs: ["list", "watch"]
@@ -67,21 +67,12 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["csidrivers"]
     verbs: ["list", "watch", "get"]
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["get", "create", "delete", "update"]
   - apiGroups: ["storage.dell.com"]
     resources: ["containerstoragemodules"]
-    verbs: ["list", "create", "get", "delete", "watch"]
+    verbs: ["list", "get", "watch"]
   - apiGroups: ["mobility.storage.dell.com"]
     resources: ["backups"]
-    verbs: ["list", "create", "get"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["issuers"]
-    verbs: ["list", "get", "create", "delete"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates"]
-    verbs: ["list", "get", "create", "delete"]
+    verbs: ["list", "get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -105,7 +96,10 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["list","get", "create", "update", "delete"]
+    verbs: ["list","get", "create", "update", "delete", "watch"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create", "delete", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -129,8 +123,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    resourceNames: ["iv", "dls-license"]
-    verbs: ["list","get", "create", "update", "delete"]
+    verbs: ["get", "create", "update", "delete", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -154,7 +147,10 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["list","get", "create", "update", "delete"]
+    verbs: ["list","get", "create", "update", "delete", "watch"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create", "delete", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -178,7 +174,16 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["list","get", "create", "update", "delete"]
+    verbs: ["list","get", "create", "update", "delete","watch"]
+  - apiGroups: ["storage.dell.com"]
+    resources: ["containerstoragemodules"]
+    verbs: ["create", "delete"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create", "delete", "update"]
+  - apiGroups: ["mobility.storage.dell.com"]
+    resources: ["backups"]
+    verbs: ["create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding