github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 07:20:13 +00:00
Code Issues Projects Releases Wiki Activity

Add single-item list/watch to delegated authentication reader role

Browse Source
This commit is contained in:
Jordan Liggitt 2019-11-15 20:37:43 -05:00
parent 9859e73433
commit ba93157fd2
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/namespace_policy.go
View File

@ -77,7 +77,7 @@ func init() {
ObjectMeta: metav1.ObjectMeta{Name: "extension-apiserver-authentication-reader"},
Rules: []rbacv1.PolicyRule{
// this particular config map is exposed and contains authentication configuration information
rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("configmaps").Names("extension-apiserver-authentication").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "watch").Groups(legacyGroup).Resources("configmaps").Names("extension-apiserver-authentication").RuleOrDie(),
},
})
addNamespaceRole(metav1.NamespaceSystem, rbacv1.Role{

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/namespace-roles.yaml vendored
View File

@ -55,6 +55,8 @@ items:
- configmaps
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: