From 4f2c608dda480a3dcfa76d9d5839554cb1a976b8 Mon Sep 17 00:00:00 2001 From: Rashed Kamal Date: Wed, 8 Jun 2022 23:21:00 -0400 Subject: [PATCH 1/2] fix: New ClusterRole service-binding-provisioned-service, updated existing roles Signed-off-by: Rashed Kamal --- config/200-clusterrole.yaml | 17 ++++++++++++++--- config/201-clusterrolebinding.yaml | 1 + 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml index dc2969f6..c8dbc7d4 100644 --- a/config/200-clusterrole.yaml +++ b/config/200-clusterrole.yaml @@ -10,7 +10,7 @@ metadata: aggregationRule: clusterRoleSelectors: - matchLabels: - servicebinding.io/controller: "true" + bindings.labs.vmware.com/admin: "true" # legacy support - matchLabels: service.binding/controller: "true" @@ -22,7 +22,7 @@ metadata: name: service-binding-core labels: bindings.labs.vmware.com/release: devel - servicebinding.io/controller: "true" + bindings.labs.vmware.com/admin: "true" rules: - apiGroups: [""] resources: ["configmaps", "services", "secrets", "events", "namespaces"] @@ -46,7 +46,7 @@ metadata: name: service-binding-crd labels: bindings.labs.vmware.com/release: devel - servicebinding.io/controller: "true" + bindings.labs.vmware.com/admin: "true" rules: - apiGroups: ["servicebinding.io"] resources: ["*"] @@ -100,3 +100,14 @@ rules: - apiGroups: ["servicebinding.io"] resources: ["servicebindings"] verbs: ["get","list","watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: service-binding-provisioned-service + labels: + servicebinding.io/controller: "true" +rules: +- apiGroups: ["bindings.labs.vmware.com"] + resources: ["*"] + verbs: ["get","list","watch"] diff --git a/config/201-clusterrolebinding.yaml b/config/201-clusterrolebinding.yaml index 7c034639..5a5357ca 100644 --- a/config/201-clusterrolebinding.yaml +++ b/config/201-clusterrolebinding.yaml @@ -7,6 +7,7 @@ metadata: name: service-binding-controller-admin labels: bindings.labs.vmware.com/release: devel + bindings.labs.vmware.com/admin: "true" subjects: - kind: ServiceAccount name: controller From ba92936c6580ea9daaf1bb00c4d6f0f1050e8de8 Mon Sep 17 00:00:00 2001 From: Rashed Kamal Date: Thu, 9 Jun 2022 09:48:08 -0400 Subject: [PATCH 2/2] Changes related to PR comments Signed-off-by: Rashed Kamal --- config/200-clusterrole.yaml | 6 ++++-- config/201-clusterrolebinding.yaml | 1 - 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml index c8dbc7d4..44979294 100644 --- a/config/200-clusterrole.yaml +++ b/config/200-clusterrole.yaml @@ -11,6 +11,8 @@ aggregationRule: clusterRoleSelectors: - matchLabels: bindings.labs.vmware.com/admin: "true" + - matchLabels: + servicebinding.io/controller: "true" # legacy support - matchLabels: service.binding/controller: "true" @@ -104,10 +106,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: service-binding-provisioned-service + name: service-binding-provisioned-services labels: servicebinding.io/controller: "true" rules: - apiGroups: ["bindings.labs.vmware.com"] - resources: ["*"] + resources: ["provisionedservices"] verbs: ["get","list","watch"] diff --git a/config/201-clusterrolebinding.yaml b/config/201-clusterrolebinding.yaml index 5a5357ca..7c034639 100644 --- a/config/201-clusterrolebinding.yaml +++ b/config/201-clusterrolebinding.yaml @@ -7,7 +7,6 @@ metadata: name: service-binding-controller-admin labels: bindings.labs.vmware.com/release: devel - bindings.labs.vmware.com/admin: "true" subjects: - kind: ServiceAccount name: controller