
Commit 54b3259

committed
grant provider init jobs cluster-admin privileges
1 parent c9da873 commit 54b3259


2 files changed

+1
-39
lines changed


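--- a/internal/controllers/provider/install/installer.go
+++ b/internal/controllers/provider/install/installer.go
@@ -48,10 +48,6 @@ func (a *Installer) InstallInitJob(ctx context.Context) (completed bool, err err
 return false, err
 }
 
-if err = resources.CreateOrUpdateResource(ctx, a.PlatformClient, newInitClusterRoleMutator(values)); err != nil {
-return false, err
-}
-
 if err = resources.CreateOrUpdateResource(ctx, a.PlatformClient, newInitClusterRoleBindingMutator(values)); err != nil {
 return false, err
 }
@@ -159,10 +155,6 @@ func (a *Installer) UninstallProvider(ctx context.Context) (deleted bool, err er
 return false, err
 }
 
-if err := resources.DeleteResource(ctx, a.PlatformClient, newInitClusterRoleMutator(values)); err != nil {
-return false, err
-}
-
 if err := resources.DeleteResource(ctx, a.PlatformClient, newInitServiceAccountMutator(values)); err != nil {
 return false, err
 }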

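--- a/internal/controllers/provider/install/rbac_init.go
+++ b/internal/controllers/provider/install/rbac_init.go
@@ -23,37 +23,7 @@ func newInitClusterRoleBindingMutator(values *Values) resources.Mutator[*rbac.Cl
 Namespace: values.Namespace(),
 },
 },
-resources.NewClusterRoleRef(clusterRoleName),
-)
-res.MetadataMutator().WithLabels(values.LabelsInitJob())
-return res
-}
-
-func newInitClusterRoleMutator(values *Values) resources.Mutator[*rbac.ClusterRole] {
-res := resources.NewClusterRoleMutator(
-values.ClusterScopedResourceName(initPrefix),
-[]rbac.PolicyRule{
-{
-APIGroups: []string{"apiextensions.k8s.io"},
-Resources: []string{"customresourcedefinitions"},
-Verbs: []string{"get", "list", "watch", "create", "update", "patch", "delete"},
-},
-{
-APIGroups: []string{""},
-Resources: []string{"secrets"},
-Verbs: []string{"get", "list", "watch"},
-},
-{
-APIGroups: []string{""},
-Resources: []string{"configmaps"},
-Verbs: []string{"get", "list", "watch"},
-},
-{
-APIGroups: []string{"clusters.openmcp.cloud"},
-Resources: []string{"accessrequests", "clusterrequests", "clusterprofiles"},
-Verbs: []string{"get", "list", "watch", "create", "update", "patch", "delete"},
-},
-},
+resources.NewClusterRoleRef("cluster-admin"),
 )
 res.MetadataMutator().WithLabels(values.LabelsInitJob())
 return res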
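Review bot: Referencing the built-in `cluster-admin` role at new line 26 gives every provider init job unrestricted control of the platform cluster, where the removed ClusterRole was limited to CRD management, read-only access to secrets and configmaps, and the `clusters.openmcp.cloud` request and profile resources. If the init job needs more than that rule set, adding the specific missing rules to `newInitClusterRoleMutator` would keep the impact of a faulty or compromised provider image bounded. If `cluster-admin` stays, the line should carry a comment recording the reason, for example `// cluster-admin: init job requires <permissions that could not be scoped>; see <issue-ref>`, and the binding should not outlive the job; whether it is removed after completion is not visible here because the function starts above the hunk. Clusters that already ran the parent commit presumably keep the old init ClusterRole, since installer.go no longer deletes it on uninstall.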
