diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 9253d81..419dce0 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -49,17 +49,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get - - list - - patch - - update - - watch - apiGroups: - batch resources: @@ -80,28 +69,6 @@ rules: - get - list - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - get - - list - - patch - - update - - watch - apiGroups: - security.openshift.io resourceNames: diff --git a/controllers/ansibletest_controller.go b/controllers/ansibletest_controller.go index 7ed5903..6e6b7b1 100644 --- a/controllers/ansibletest_controller.go +++ b/controllers/ansibletest_controller.go @@ -54,14 +54,11 @@ func (r *AnsibleTestReconciler) GetLogger(ctx context.Context) logr.Logger { // +kubebuilder:rbac:groups=test.openstack.org,namespace=,resources=ansibletests/finalizers,verbs=update;patch // +kubebuilder:rbac:groups=batch,namespace=,resources=jobs,verbs=get;list;watch;create;patch;update;delete; // +kubebuilder:rbac:groups=k8s.cni.cncf.io,namespace=,resources=network-attachment-definitions,verbs=get;list;watch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=roles,verbs=get;list;watch;create;update;patch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=rolebindings,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="security.openshift.io",namespace=,resourceNames=anyuid;privileged;nonroot;nonroot-v2,resources=securitycontextconstraints,verbs=use // +kubebuilder:rbac:groups="",resources=secrets,namespace=,verbs=get;list;watch // +kubebuilder:rbac:groups="",resources=configmaps,namespace=,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups="",resources=pods,namespace=,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,namespace=,verbs=get;list;create;update;watch;patch;delete -// +kubebuilder:rbac:groups="",resources=serviceaccounts,namespace=,verbs=get;list;watch;create;update;patch // Reconcile - AnsibleTest func (r *AnsibleTestReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, _err error) { diff --git a/controllers/horizontest_controller.go b/controllers/horizontest_controller.go index 540a052..a0dd7cf 100644 --- a/controllers/horizontest_controller.go +++ b/controllers/horizontest_controller.go @@ -51,14 +51,11 @@ func (r *HorizonTestReconciler) GetLogger(ctx context.Context) logr.Logger { // +kubebuilder:rbac:groups=test.openstack.org,namespace=,resources=horizontests/finalizers,verbs=update;patch // +kubebuilder:rbac:groups=batch,namespace=,resources=jobs,verbs=get;list;watch;create;patch;update;delete; // +kubebuilder:rbac:groups=k8s.cni.cncf.io,namespace=,resources=network-attachment-definitions,verbs=get;list;watch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=roles,verbs=get;list;watch;create;update;patch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=rolebindings,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="security.openshift.io",namespace=,resourceNames=anyuid;privileged;nonroot;nonroot-v2,resources=securitycontextconstraints,verbs=use // +kubebuilder:rbac:groups="",resources=secrets,namespace=,verbs=get;list;watch // +kubebuilder:rbac:groups="",resources=configmaps,namespace=,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups="",resources=pods,namespace=,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,namespace=,verbs=get;list;create;update;watch;patch;delete -// +kubebuilder:rbac:groups="",resources=serviceaccounts,namespace=,verbs=get;list;watch;create;update;patch // Reconcile - HorizonTest func (r *HorizonTestReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, _err error) { diff --git a/controllers/tempest_controller.go b/controllers/tempest_controller.go index de6ff43..a7f7dc9 100644 --- a/controllers/tempest_controller.go +++ b/controllers/tempest_controller.go @@ -56,14 +56,11 @@ func (r *TempestReconciler) GetLogger(ctx context.Context) logr.Logger { // +kubebuilder:rbac:groups=test.openstack.org,namespace=,resources=tempests/finalizers,verbs=update;patch // +kubebuilder:rbac:groups=batch,resources=jobs,namespace=,verbs=get;list;watch;create;patch;update;delete; // +kubebuilder:rbac:groups=k8s.cni.cncf.io,namespace=,resources=network-attachment-definitions,verbs=get;list;watch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=roles,verbs=get;list;watch;create;update;patch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=rolebindings,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="security.openshift.io",namespace=,resourceNames=anyuid;privileged;nonroot;nonroot-v2,resources=securitycontextconstraints,verbs=use // +kubebuilder:rbac:groups="",resources=secrets,namespace=,verbs=get;list;watch // +kubebuilder:rbac:groups="",resources=configmaps,namespace=,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups="",resources=pods,namespace=,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,namespace=,verbs=get;list;create;update;watch;patch;delete -// +kubebuilder:rbac:groups="",resources=serviceaccounts,namespace=,verbs=get;list;watch;create;update;patch // Reconcile - Tempest func (r *TempestReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, _err error) { diff --git a/controllers/tobiko_controller.go b/controllers/tobiko_controller.go index 03c8f7a..329390a 100644 --- a/controllers/tobiko_controller.go +++ b/controllers/tobiko_controller.go @@ -57,14 +57,11 @@ func (r *TobikoReconciler) GetLogger(ctx context.Context) logr.Logger { // +kubebuilder:rbac:groups=test.openstack.org,namespace=,resources=tobikoes/finalizers,verbs=update;patch // +kubebuilder:rbac:groups=batch,namespace=,resources=jobs,verbs=get;list;watch;create;patch;update;delete; // +kubebuilder:rbac:groups=k8s.cni.cncf.io,namespace=,resources=network-attachment-definitions,verbs=get;list;watch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=roles,verbs=get;list;watch;create;update;patch -// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",namespace=,resources=rolebindings,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="security.openshift.io",namespace=,resourceNames=anyuid;privileged;nonroot;nonroot-v2,resources=securitycontextconstraints,verbs=use // +kubebuilder:rbac:groups="",namespace=,resources=secrets,verbs=get;list;watch // +kubebuilder:rbac:groups="",namespace=,resources=configmaps,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups="",namespace=,resources=pods,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups="",namespace=,resources=persistentvolumeclaims,verbs=get;list;create;update;watch;patch;delete -// +kubebuilder:rbac:groups="",namespace=,resources=serviceaccounts,verbs=get;list;watch;create;update;patch // Reconcile - Tobiko func (r *TobikoReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, _err error) {