From: Krisztian Lengyel Date: Tue, 16 Jul 2019 12:59:17 +0000 (+0200) Subject: Update DANM RBAC roles for version 4.0 X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fcaas-security.git;a=commitdiff_plain;h=1c858897ae7d4151a85631911c3645cfa00a3501 Update DANM RBAC roles for version 4.0 Change-Id: I1dbc5f6acf73ed735a5c91aef728ea6d1ef17d82 Signed-off-by: Krisztian Lengyel --- diff --git a/rbac_manifests/danm-rbac-config.yaml b/rbac_manifests/danm-rbac-config.yaml index a08796f..1851910 100644 --- a/rbac_manifests/danm-rbac-config.yaml +++ b/rbac_manifests/danm-rbac-config.yaml @@ -21,8 +21,9 @@ rules: - apiGroups: - danm.k8s.io resources: - - danmnets - danmeps + - tenantnetworks + - clusternetworks verbs: [ "*" ] - apiGroups: [ "" ] resources: [ "pods" ] diff --git a/rbac_manifests/danm-webhook.yaml b/rbac_manifests/danm-webhook.yaml new file mode 100644 index 0000000..356321b --- /dev/null +++ b/rbac_manifests/danm-webhook.yaml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: danm-webhook + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: caas:danm-webhook +rules: +- apiGroups: + - danm.k8s.io + resources: + - tenantconfigs + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: caas:danm-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: caas:danm-webhook +subjects: +- kind: ServiceAccount + name: danm-webhook + namespace: kube-system diff --git a/rbac_manifests/netwatcher-rbac-config.yml b/rbac_manifests/netwatcher-rbac-config.yml index fae1c23..c626e3a 100644 --- a/rbac_manifests/netwatcher-rbac-config.yml +++ b/rbac_manifests/netwatcher-rbac-config.yml @@ -29,7 +29,8 @@ rules: - apiGroups: - "danm.k8s.io" resources: - - danmnets + - tenantnetworks + - clusternetworks verbs: - get - list diff --git a/rbac_manifests/svcwatcher-rbac-config.yml b/rbac_manifests/svcwatcher-rbac-config.yml index d827b72..e3b589e 100644 --- a/rbac_manifests/svcwatcher-rbac-config.yml +++ b/rbac_manifests/svcwatcher-rbac-config.yml @@ -49,7 +49,6 @@ rules: - apiGroups: - "danm.k8s.io" resources: - - danmnets - danmeps verbs: - get diff --git a/rbac_manifests/tiller-rbac-config.yaml b/rbac_manifests/tiller-rbac-config.yaml index 40715eb..3b457ab 100644 --- a/rbac_manifests/tiller-rbac-config.yaml +++ b/rbac_manifests/tiller-rbac-config.yaml @@ -204,7 +204,7 @@ rules: - apiGroups: - danm.k8s.io resources: - - danmnets + - tenantnetworks verbs: - create - delete @@ -228,7 +228,7 @@ rules: - patch - update - watch - + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/rpmbuild.spec b/rpmbuild.spec index 56a927d..b9b37f3 100644 --- a/rpmbuild.spec +++ b/rpmbuild.spec @@ -15,7 +15,7 @@ %define COMPONENT security %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 1.0.0 -%define RPM_MINOR_VERSION 2 +%define RPM_MINOR_VERSION 3 Name: %{RPM_NAME} Version: %{RPM_MAJOR_VERSION}