github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 07:47:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #37020 from deads2k/rbac-20-delegated-role

Browse Source 
Automatic merge from submit-queue

auth delegation role

Add a bootstrap role for authentication and authorization delegation.  Useful for extension API servers.

@kubernetes/sig-auth
This commit is contained in:
Kubernetes Submit Queue 2016-12-01 06:31:31 -08:00 committed by GitHub
commit 4c50486735
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@ -194,6 +194,15 @@ func ClusterRoles() []rbac.ClusterRole {
rbac.NewRule("list", "watch").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(), rbac.NewRule("list", "watch").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(),
}, },
}, },
{
// a role to use for allowing authentication and authorization delegation
ObjectMeta: api.ObjectMeta{Name: "system:auth-delegator"},
Rules: []rbac.PolicyRule{
// These creates are non-mutating
rbac.NewRule("create").Groups(authenticationGroup).Resources("tokenreviews").RuleOrDie(),
rbac.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews").RuleOrDie(),
},
},
} }
} }