Skip to content

Update RBAC rules for external provisioner and attacher to the updated roles required based on upstream repositories #284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 5, 2019
Merged

Update RBAC rules for external provisioner and attacher to the updated roles required based on upstream repositories #284

merged 1 commit into from
Jun 5, 2019

Conversation

davidz627
Copy link
Contributor

@davidz627 davidz627 commented Jun 5, 2019
edited
Loading

Resolves: #281

Should fix the "latest" test failures.

/assign @msau42 @verult

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 5, 2019
@k8s-ci-robot k8s-ci-robot requested review from jingxu97 and verult June 5, 2019 00:26
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidz627

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 5, 2019
@verult
Copy link
Contributor

verult commented Jun 5, 2019

/lgtm

In the future it would be nice to include snapshotter RBAC rules only for the alpha deployment, if possible

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 5, 2019
@verult verult mentioned this pull request Jun 5, 2019
Merged
@davidz627 davidz627 force-pushed the feature/updateRBAC branch from 6e2ed26 to a5f3725 Compare June 5, 2019 01:10
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 5, 2019
@davidz627
Copy link
Contributor Author

moved snapshot rules to alpha overlay

verult
verult reviewed Jun 5, 2019
View reviewed changes
deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml Outdated
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["secrets"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Secrets were originally included in attacher roles and then later removed. Do we need the secrets permissions here for different reasons?

@jingxu97

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so. Secrets are only required if the plugin needs them, and pd doesn't.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolved

@davidz627
Update RBAC rules for external provisioner and attacher to the update…
d1538d7 
…d roles required based on upstream repositories
@davidz627 davidz627 force-pushed the feature/updateRBAC branch from a5f3725 to d1538d7 Compare June 5, 2019 21:29
@msau42
Copy link
Contributor

msau42 commented Jun 5, 2019

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 5, 2019
@k8s-ci-robot k8s-ci-robot merged commit e1c01f8 into kubernetes-sigs:master Jun 5, 2019
@davidz627 davidz627 deleted the feature/updateRBAC branch June 5, 2019 22:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@verult verult verult left review comments

@msau42 msau42 msau42 left review comments

@jingxu97 jingxu97 Awaiting requested review from jingxu97

Assignees

@verult verult

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

External attacher RBAC out of date
4 participants
@davidz627 @k8s-ci-robot @verult @msau42