helm: aggregated clusterrole to view secretproviderclasspodstatuses
erikgb committed Aug 25, 2023
1 parent 2f3535d commit 606d373
Showing 4 changed files with 40 additions and 0 deletions.
1 change: 1 addition & 0 deletions Makefile
@@ -413,6 +413,7 @@ e2e-deploy-manifest:
kubectl apply -f manifest_staging/deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml
kubectl apply -f manifest_staging/deploy/role-secretproviderclasses-admin.yaml
kubectl apply -f manifest_staging/deploy/role-secretproviderclasses-viewer.yaml
kubectl apply -f manifest_staging/deploy/role-secretproviderclasspodstatuses-viewer.yaml

yq e '(.spec.template.spec.containers[1].image = "$(IMAGE_TAG)") | (.spec.template.spec.containers[1].args as $$x | $$x += "--enable-secret-rotation=true" | $$x[-1] style="double") | (.spec.template.spec.containers[1].args as $$x | $$x += "--rotation-poll-interval=30s" | $$x[-1] style="double")' 'manifest_staging/deploy/secrets-store-csi-driver.yaml' | kubectl apply -f -

@@ -0,0 +1,21 @@
{{ if .Values.rbac.install }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
{{ include "sscd.labels" . | indent 4 }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: secretproviderclasspodstatuses-viewer-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses
verbs:
- get
- list
- watch
{{ end }}
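Review bot: The `rbac.authorization.k8s.io/aggregate-to-view: "true"` label widens the built-in `view` ClusterRole, so every subject already bound to `view` gains get/list/watch on `secretproviderclasspodstatuses` in whatever scope that binding covers, and nothing in the template says so. As far as I know these status objects record pod names, the SecretProviderClass in use and the ids and versions of mounted objects rather than secret values, but that should be stated for operators who treat `view` as safe to hand out. I would add a comment above `kind: ClusterRole` such as `# Aggregated into the built-in "view" role: grants read-only access to pod/secret-object metadata, not secret contents.` The only switch visible here is `.Values.rbac.install`, so consider whether aggregation deserves its own value for clusters that do not want `view` extended. The same label appears in the static manifest in the next file section, which would take the same comment.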
@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: secretproviderclasspodstatuses-viewer-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses
verbs:
- get
- list
- watch
3 changes: 3 additions & 0 deletions test/bats/e2e-provider.bats
@@ -80,6 +80,9 @@ export VALIDATE_TOKENS_AUDIENCE=$(get_token_requests_audience)
run kubectl get clusterrole/secretproviderclasses-viewer-role
assert_success

run kubectl get clusterrole/secretproviderclasspodstatuses-viewer-role
assert_success

run kubectl get clusterrole/secretproviderrotation-role
assert_success
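Review bot: The added check at `run kubectl get clusterrole/secretproviderclasspodstatuses-viewer-role` only proves the object exists, so the test would still pass if the aggregation label were lost or the rule list were changed. Since the purpose of the role is to extend `view`, I would also assert the effect, for example `run kubectl get clusterrole view -o yaml` followed by `[[ "$output" == *"secretproviderclasspodstatuses"* ]]`. The enclosing test case starts and ends outside this hunk, so I cannot see whether a similar check already exists for the other viewer roles.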
