From 2146f2f2216570691787edd9f04ab3e09926c2b5 Mon Sep 17 00:00:00 2001
From: Anirudh
Date: Fri, 6 Jan 2017 13:03:44 -0800
Subject: [PATCH 1/2] Allow disruption controller to read statefulsets
---
 .../auth/authorizer/rbac/bootstrappolicy/controller_policy.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
index 1171cd317d1..19f0632d3df 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
@@ -108,6 +108,7 @@ func init() {
 rbac.NewRule("get", "list", "watch").Groups(extensionsGroup).Resources("replicasets").RuleOrDie(),
 rbac.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("replicationcontrollers").RuleOrDie(),
 rbac.NewRule("get", "list", "watch").Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(),
+ rbac.NewRule("get", "list", "watch").Groups(appsGroup).Resources("statefulsets").RuleOrDie(),
 rbac.NewRule("update").Groups(policyGroup).Resources("poddisruptionbudgets/status").RuleOrDie(),
 eventsRule(),
 },
From a8a65022b48a05cbab3756ba7c8caaf40f4b15ee Mon Sep 17 00:00:00 2001
From: Anirudh
Date: Fri, 6 Jan 2017 13:36:34 -0800
Subject: [PATCH 2/2] Update fixtures
---
 .../rbac/bootstrappolicy/testdata/controller-roles.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml
index f4ba1ca014e..add13f97bb7 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml
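Review bot: The added `statefulsets` rule in `controller_policy.go` sits between the two `policyGroup` rules and carries no comment saying why this controller needs it; in a bootstrap RBAC policy each grant is easier to audit when its reason is written next to it. The grant itself is read-only (`get`, `list`, `watch`) on a single resource in `appsGroup`, matching the `replicasets` and `replicationcontrollers` rules above it, so I would move the line directly after the `replicationcontrollers` rule and add a comment stating the reason, likely `// read-only: used to look up the StatefulSet that owns a pod covered by a PodDisruptionBudget`, to be confirmed by the author. Moving it would also change where the matching entry lands in `testdata/controller-roles.yaml` from patch 2/2. `init()` starts and ends outside the hunk, so which role this rule list belongs to is taken from the commit subject, not from visible code.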
@@ -263,6 +263,15 @@ items:
 - get
 - list
 - watch
+ - apiGroups:
+ - apps
+ attributeRestrictions: null
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - policy
 attributeRestrictions: null