github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-14 13:45:06 +00:00
Code Issues Projects Releases Wiki Activity

rbac bootstrap policy: add selfsubjectrulesreviews to basic-user

Browse Source
This commit is contained in:
Eric Chiang
2017-11-20 14:03:04 -08:00
parent db4134d03f
commit 21ab4d0c9b
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@@ -169,7 +169,7 @@ func ClusterRoles() []rbac.ClusterRole {
ObjectMeta: metav1.ObjectMeta{Name: "system:basic-user"}, ObjectMeta: metav1.ObjectMeta{Name: "system:basic-user"},
Rules: []rbac.PolicyRule{ Rules: []rbac.PolicyRule{
// TODO add future selfsubjectrulesreview, project request APIs, project listing APIs // TODO add future selfsubjectrulesreview, project request APIs, project listing APIs
rbac.NewRule("create").Groups(authorizationGroup).Resources("selfsubjectaccessreviews").RuleOrDie(), rbac.NewRule("create").Groups(authorizationGroup).Resources("selfsubjectaccessreviews", "selfsubjectrulesreviews").RuleOrDie(),
}, },
}, },

1
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml vendored
View File

@@ -522,6 +522,7 @@ items:
- authorization.k8s.io - authorization.k8s.io
resources: resources:
- selfsubjectaccessreviews - selfsubjectaccessreviews
- selfsubjectrulesreviews
verbs: verbs:
- create - create
- apiVersion: rbac.authorization.k8s.io/v1 - apiVersion: rbac.authorization.k8s.io/v1