From 7ba52472b7e83a69bec3f55c63bbd72ba919964a Mon Sep 17 00:00:00 2001
From: Patrick Ohly <patrick.ohly@intel.com>
Date: Fri, 2 Nov 2018 12:29:16 +0100
Subject: [PATCH] e2e: remove "nodes" permission from driver-registrar RBAC

In the review of
https://github.com/kubernetes-csi/driver-registrar/pull/69 it was
pointed out that the "nodes" permissions are not longer needed.
---
 .../storage-csi/driver-registrar/rbac.yaml          | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/test/e2e/testing-manifests/storage-csi/driver-registrar/rbac.yaml b/test/e2e/testing-manifests/storage-csi/driver-registrar/rbac.yaml
index 7220c10a8c6..a4f4f1aacef 100644
--- a/test/e2e/testing-manifests/storage-csi/driver-registrar/rbac.yaml
+++ b/test/e2e/testing-manifests/storage-csi/driver-registrar/rbac.yaml
@@ -24,9 +24,16 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "list", "watch", "create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "update", "patch"]
+  # The following permissions are only needed when running
+  # driver-registrar without the --kubelet-registration-path
+  # parameter, i.e. when using driver-registrar instead of
+  # kubelet to update the csi.volume.kubernetes.io/nodeid
+  # annotation. That mode of operation is going to be deprecated
+  # and should not be used anymore, but is needed on older
+  # Kubernetes versions.
+  # - apiGroups: [""]
+  #   resources: ["nodes"]
+  #   verbs: ["get", "update", "patch"]
 
 ---
 kind: ClusterRoleBinding