Skip to content

Commit

Permalink
Add permission to delete placementdecisions for app SA (#236)
Browse files Browse the repository at this point in the history
Signed-off-by: Philip Wu <phwu@redhat.com>
  • Loading branch information
philipwu08 authored Jul 27, 2022
1 parent 23aebd1 commit c620b78
Showing 1 changed file with 45 additions and 222 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -309,232 +309,80 @@ spec:
- '*'
serviceAccountName: multicluster-operators
- rules:
- verbs:
- create
- update
- patch
- delete
apiGroups:
- app.k8s.io
resources:
- applications
- verbs:
- get
- list
- watch
- create
- update
- patch
- create
- delete
- deletecollection
apiGroups:
- addon.open-cluster-management.io
- agent.open-cluster-management.io
- apps.open-cluster-management.io
- cluster.open-cluster-management.io
- operator.open-cluster-management.io
- work.open-cluster-management.io
- view.open-cluster-management.io
resources:
- channels
- channels/status
- channels/finalizers
- deployables
- deployables/status
- gitopsclusters
- gitopsclusters/status
- verbs:
- get
- list
- watch
- create
- update
- patch
- delete
apiGroups:
- apps.open-cluster-management.io
resources:
- helmreleases
- helmreleases/status
- verbs:
- get
- list
- watch
- update
- patch
apiGroups:
- work.open-cluster-management.io
resources:
- klusterletaddonconfigs
- manifestworks
- manifestworks/status
- verbs:
- get
- list
- watch
- update
- patch
apiGroups:
- view.open-cluster-management.io
resources:
- managedclusters
- managedclusterviews
- managedclusterviews/status
- verbs:
- get
- list
- watch
apiGroups:
- addon.open-cluster-management.io
resources:
- managedclusteraddons
- verbs:
- get
- list
- watch
apiGroups:
- cluster.open-cluster-management.io
resources:
- managedclusters
- verbs:
- get
- list
- watch
- update
- patch
- create
apiGroups:
- cluster.open-cluster-management.io
resources:
- multiclusterhubs
- placements
- placements/status
- placement/finalizers
- placementbindings
- placementbindings/finalizers
- placementdecisions
- placementdecisions/status
- placementdecisions/finalizers
- verbs:
- create
- update
- patch
- delete
apiGroups:
- multicluster.openshift.io
resources:
- multiclusterengines
- verbs:
- get
- list
- watch
apiGroups:
- operator.open-cluster-management.io
resources:
- multiclusterhubs
- verbs:
- get
- list
- watch
- update
- patch
apiGroups:
- apps.open-cluster-management.io
resources:
- deployables
- deployables/status
- placementrules
- placementrules/status
- placementrules/finalizers
- channels
- channels/status
- channels/finalizers
- subscriptions
- subscriptions/status
- subscriptions/finalizers
- subscriptions/status
- subscriptionstatuses
- subscriptionreports
- verbs:
- get
- list
- watch
- create
- update
- patch
- delete
apiGroups:
- app.k8s.io
- argoproj.io
resources:
- applications
- applications/status
- verbs:
- get
- list
- watch
- update
- patch
apiGroups:
- argoproj.io
resources:
- applications
- applications/status
- verbs:
- get
- list
- watch
- update
- patch
apiGroups:
- agent.open-cluster-management.io
resources:
- klusterletaddonconfigs
- verbs:
- get
- list
- create
- update
- patch
- delete
apiGroups:
- apps.open-cluster-management.io
resources:
- placementrules
- verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
apiGroups:
- ''
resources:
- secrets
- serviceaccounts
- verbs:
- get
- list
- watch
- create
- update
- patch
- delete
apiGroups:
- apps.open-cluster-management.io
resources:
- subscriptionreports
- verbs:
- get
- list
- create
- update
- patch
- delete
apiGroups:
- apps.open-cluster-management.io
resources:
- subscriptions
- verbs:
- get
- list
- watch
- create
- update
- patch
- delete
apiGroups:
- apps.open-cluster-management.io
resources:
- subscriptionstatuses
- verbs:
- create
- delete
- get
- list
- deletecollection
- update
- patch
- watch
apiGroups:
- ''
resources:
Expand All @@ -548,89 +396,64 @@ spec:
- verbs:
- get
- list
- update
- create
- watch
- create
- update
- patch
- delete
apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
- clusterrolebindings
- clusterroles
- verbs:
- get
- list
- watch
- update
- create
- update
- patch
- delete
apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
- verbs:
- get
- list
- watch
apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- verbs:
- get
- list
- watch
apiGroups:
- certificates.k8s.io
- coordination.k8s.io
- apiextensions.k8s.io
resources:
- certificatesigningrequests
- customresourcedefinitions
- leases
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
- verbs:
- get
- list
- watch
- create
- update
- patch
- delete
apiGroups:
- hive.openshift.io
- multicluster.openshift.io
resources:
- clusterimagesets
- multiclusterengines
- verbs:
- get
- list
- watch
- update
- create
apiGroups:
- coordination.k8s.io
resources:
- leases
- verbs:
- get
- list
- watch
- update
- patch
- delete
apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
- verbs:
- get
- list
- watch
apiGroups:
- app.k8s.io
resources:
- applications
- verbs:
- get
- list
- watch
- update
apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
serviceAccountName: multicluster-applications
deployments:
- name: multicluster-operators-application
Expand Down

0 comments on commit c620b78

Please sign in to comment.