
Commit 11a8d39

committed
Add AppArmorProfile to security-profiles-operator role
1 parent b39492b commit 11a8d39


8 files changed

+90
-63
lines changed


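--- a/deploy/base/role.yaml
+++ b/deploy/base/role.yaml
@@ -115,15 +115,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -135,6 +127,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -147,6 +140,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -155,6 +149,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: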

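--- a/deploy/helm/templates/static-resources.yaml
+++ b/deploy/helm/templates/static-resources.yaml
@@ -160,15 +160,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -180,6 +172,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -192,6 +185,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -200,6 +194,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: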

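--- a/deploy/namespace-operator.yaml
+++ b/deploy/namespace-operator.yaml
@@ -2519,15 +2519,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -2539,6 +2531,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -2551,6 +2544,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -2559,6 +2553,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: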

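--- a/deploy/openshift-dev.yaml
+++ b/deploy/openshift-dev.yaml
@@ -2588,15 +2588,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -2608,6 +2600,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -2620,6 +2613,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -2628,6 +2622,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: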

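--- a/deploy/openshift-downstream.yaml
+++ b/deploy/openshift-downstream.yaml
@@ -2519,15 +2519,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -2539,6 +2531,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -2551,6 +2544,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -2559,6 +2553,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: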

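--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -2519,15 +2519,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -2539,6 +2531,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -2551,6 +2544,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -2559,6 +2553,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: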

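--- a/deploy/webhook-operator.yaml
+++ b/deploy/webhook-operator.yaml
@@ -2577,15 +2577,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
-- profilerecordings
-- profilerecordings/finalizers
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- security-profiles-operator.x-k8s.io
-resources:
+- apparmorprofiles
 - rawselinuxprofiles
 verbs:
 - create
@@ -2597,6 +2589,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/finalizers
 - rawselinuxprofiles/finalizers
 - seccompprofiles/finalizers
 - securityprofilesoperatordaemons/finalizers
@@ -2609,6 +2602,7 @@ rules:
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources:
+- apparmorprofiles/status
 - rawselinuxprofiles/status
 - seccompprofiles/status
 - securityprofilesoperatordaemons/status
@@ -2617,6 +2611,15 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- security-profiles-operator.x-k8s.io
+resources:
+- profilerecordings
+- profilerecordings/finalizers
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - security-profiles-operator.x-k8s.io
 resources: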

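--- a/internal/pkg/manager/nodestatus/nodestatus.go
+++ b/internal/pkg/manager/nodestatus/nodestatus.go
@@ -98,6 +98,12 @@ func (r *StatusReconciler) Healthz(*http.Request) error {
 // +kubebuilder:rbac:groups=security-profiles-operator.x-k8s.io,resources=seccompprofiles/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=security-profiles-operator.x-k8s.io,resources=seccompprofiles/finalizers,verbs=delete;get;update;patch
 
+// Security Profiles Operator RBAC permissions to manage AppArmorProfile
+//nolint:lll // required for kubebuilder
+// +kubebuilder:rbac:groups=security-profiles-operator.x-k8s.io,resources=apparmorprofiles,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups=security-profiles-operator.x-k8s.io,resources=apparmorprofiles/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=security-profiles-operator.x-k8s.io,resources=apparmorprofiles/finalizers,verbs=delete;get;update;patch
+
 // Security Profiles Operator RBAC permissions to manage Node Statuses
 //nolint:lll // required for kubebuilder
 // +kubebuilder:rbac:groups=security-profiles-operator.x-k8s.io,resources=securityprofilenodestatuses,verbs=get;list;watch;delete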
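Review bot: The new `resources=apparmorprofiles` marker grants `create;update;patch` on the profile objects themselves, and nothing in this hunk shows the node-status reconciler writing anything beyond status and finalizers. Because the content of an AppArmorProfile is what ends up confining workloads, write access to the resource should be justified; if this reconciler only reads profiles, the line could be narrowed to `verbs=get;list;watch`, with the write verbs kept on the markers of whichever controller actually creates or edits profiles (not visible here). On the `/finalizers` line, `update` is the verb that matters for setting finalizers and owner references, so `delete;get;patch` look like a carry-over from the seccomp line above and are probably unnecessary. The marker block sits between functions and the surrounding code lies outside the hunk, so which reconciler consumes these grants cannot be confirmed from this page.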
