Skip to content

Commit

Permalink
add snapshot APIGroup to aggregate cluster rules
Browse files Browse the repository at this point in the history
Signed-off-by: Michael Henriksen <[email protected]>
  • Loading branch information
mhenriks committed Sep 17, 2020

Verified

This commit was signed with the committer’s verified signature.
jorenham Joren Hammudoglu
1 parent 6c69454 commit 18cd96e
Showing 4 changed files with 126 additions and 0 deletions.
39 changes: 39 additions & 0 deletions manifests/generated/operator-csv.yaml.in
Original file line number Diff line number Diff line change
@@ -645,6 +645,21 @@ spec:
- list
- watch
- deletecollection
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- subresources.kubevirt.io
resources:
@@ -678,6 +693,20 @@ spec:
- patch
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- kubevirt.io
resources:
@@ -690,6 +719,16 @@ spec:
- get
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
39 changes: 39 additions & 0 deletions manifests/generated/rbac-operator.authorization.k8s.yaml.in
Original file line number Diff line number Diff line change
@@ -547,6 +547,21 @@ rules:
- list
- watch
- deletecollection
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- deletecollection
- apiGroups:
- subresources.kubevirt.io
resources:
@@ -580,6 +595,20 @@ rules:
- patch
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- delete
- create
- update
- patch
- list
- watch
- apiGroups:
- kubevirt.io
resources:
@@ -592,6 +621,16 @@ rules:
- get
- list
- watch
- apiGroups:
- snapshot.kubevirt.io
resources:
- virtualmachinesnapshots
- virtualmachinesnapshotcontents
- virtualmachinerestores
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
39 changes: 39 additions & 0 deletions pkg/virt-operator/creation/rbac/cluster.go
Original file line number Diff line number Diff line change
@@ -158,6 +158,19 @@ func newAdminClusterRole() *rbacv1.ClusterRole {
"get", "delete", "create", "update", "patch", "list", "watch", "deletecollection",
},
},
{
APIGroups: []string{
"snapshot.kubevirt.io",
},
Resources: []string{
"virtualmachinesnapshots",
"virtualmachinesnapshotcontents",
"virtualmachinerestores",
},
Verbs: []string{
"get", "delete", "create", "update", "patch", "list", "watch", "deletecollection",
},
},
},
}
}
@@ -218,6 +231,19 @@ func newEditClusterRole() *rbacv1.ClusterRole {
"get", "delete", "create", "update", "patch", "list", "watch",
},
},
{
APIGroups: []string{
"snapshot.kubevirt.io",
},
Resources: []string{
"virtualmachinesnapshots",
"virtualmachinesnapshotcontents",
"virtualmachinerestores",
},
Verbs: []string{
"get", "delete", "create", "update", "patch", "list", "watch",
},
},
},
}
}
@@ -251,6 +277,19 @@ func newViewClusterRole() *rbacv1.ClusterRole {
"get", "list", "watch",
},
},
{
APIGroups: []string{
"snapshot.kubevirt.io",
},
Resources: []string{
"virtualmachinesnapshots",
"virtualmachinesnapshotcontents",
"virtualmachinerestores",
},
Verbs: []string{
"get", "list", "watch",
},
},
},
}
}
9 changes: 9 additions & 0 deletions tests/access_test.go
Original file line number Diff line number Diff line change
@@ -134,6 +134,9 @@ var _ = Describe("[rfe_id:500][crit:high][vendor:[email protected]][level:compon
table.Entry("[test_id:528]given a vmi preset", "virtualmachineinstancepresets"),
table.Entry("[test_id:529][crit:low]given a vmi replica set", "virtualmachineinstancereplicasets"),
table.Entry("[test_id:3230]given a vmi migration", "virtualmachineinstancemigrations"),
table.Entry("given a vmsnapshot", "virtualmachinesnapshots"),
table.Entry("given a vmsnapshotcontent", "virtualmachinesnapshotcontents"),
table.Entry("given a vmsrestore", "virtualmachinerestores"),
)

var authClient *authClientV1.AuthorizationV1Client
@@ -285,6 +288,9 @@ var _ = Describe("[rfe_id:500][crit:high][vendor:[email protected]][level:compon
table.Entry("[test_id:2917]given a vmi preset", "virtualmachineinstancepresets"),
table.Entry("[test_id:2919]given a vmi replica set", "virtualmachineinstancereplicasets"),
table.Entry("[test_id:3235]given a vmi migration", "virtualmachineinstancemigrations"),
table.Entry("given a vmsnapshot", "virtualmachinesnapshots"),
table.Entry("given a vmsnapshotcontent", "virtualmachinesnapshotcontents"),
table.Entry("given a vmsrestore", "virtualmachinerestores"),
)
})

@@ -316,6 +322,9 @@ var _ = Describe("[rfe_id:500][crit:high][vendor:[email protected]][level:compon
table.Entry("[test_id:2916]given a vmi preset", "virtualmachineinstancepresets"),
table.Entry("[test_id:2918][crit:low]given a vmi replica set", "virtualmachineinstancereplicasets"),
table.Entry("[test_id:2837]given a vmi migration", "virtualmachineinstancemigrations"),
table.Entry("given a vmsnapshot", "virtualmachinesnapshots"),
table.Entry("given a vmsnapshotcontent", "virtualmachinesnapshotcontents"),
table.Entry("given a vmsrestore", "virtualmachinerestores"),
)
})
})

0 comments on commit 18cd96e

Please sign in to comment.