
Commit 820038d

committed
Removes the unused delete and patch permissions.
1 parent aeb85d3 commit 820038d


2 files changed

+40
-26
lines changed


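--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -8,10 +8,6 @@ rules:
 - ""
 resources:
 - configmaps
-- events
-- secrets
-- serviceaccounts
-- services
 verbs:
 - create
 - delete
@@ -30,6 +26,19 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+- ""
+resources:
+- events
+- secrets
+- serviceaccounts
+- services
+verbs:
+- create
+- get
+- list
+- update
+- watch
 - apiGroups:
 - ""
 resources:
@@ -42,10 +51,8 @@ rules:
 - validatingwebhookconfigurations
 verbs:
 - create
-- delete
 - get
 - list
-- patch
 - update
 - watch
 - apiGroups:
@@ -66,10 +73,8 @@ rules:
 - deployments
 verbs:
 - create
-- delete
 - get
 - list
-- patch
 - update
 - watch
 - apiGroups:
@@ -80,10 +85,8 @@ rules:
 - issuers
 verbs:
 - create
-- delete
 - get
 - list
-- patch
 - update
 - watch
 - apiGroups:
@@ -92,10 +95,8 @@ rules:
 - leases
 verbs:
 - create
-- delete
 - get
 - list
-- patch
 - update
 - watch
 - apiGroups:
@@ -162,13 +163,10 @@ rules:
 - operator.openshift.io
 resources:
 - externalsecrets
-- externalsecretsmanagers
 verbs:
 - create
-- delete
 - get
 - list
-- patch
 - update
 - watch
 - apiGroups:
@@ -182,6 +180,24 @@ rules:
 - operator.openshift.io
 resources:
 - externalsecrets/status
+verbs:
+- get
+- update
+- apiGroups:
+- operator.openshift.io
+resources:
+- externalsecretsmanagers
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- operator.openshift.io
+resources:
 - externalsecretsmanagers/status
 verbs:
 - get
@@ -196,9 +212,7 @@ rules:
 - roles
 verbs:
 - create
-- delete
 - get
 - list
-- patch
 - update
 - watch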
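Review bot: The new `externalsecretsmanagers` rule (new lines 186–197) still grants `delete` and `patch`, although the marker changed in controller.go in this same commit lists only `get;list;watch;create;update` for that resource. If role.yaml is generated from the kubebuilder markers, a marker outside this diff presumably still carries `patch;delete`; either trim it as well or record next to it why the manager resource needs those verbs. The `configmaps` rule in the first hunk also keeps `delete` (the rest of its verb list is outside the hunk), so it is worth confirming that was intended rather than missed.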

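--- a/pkg/controller/external_secrets/controller.go
+++ b/pkg/controller/external_secrets/controller.go
@@ -90,17 +90,17 @@ type Reconciler struct {
 optionalResourcesList map[string]struct{}
 }
 
-// +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecrets,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecretsmanagers,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecrets/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecrets,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecretsmanagers,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecrets/status,verbs=get;update
 // +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecrets/finalizers,verbs=update
-// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update
 
-// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="",resources=events;secrets;services;serviceaccounts,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates;clusterissuers;issuers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups="",resources=events;secrets;services;serviceaccounts,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates;clusterissuers;issuers,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch;create
 
 // +kubebuilder:rbac:groups="",resources=endpoints,verbs=get;list;watch;create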
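Review bot: Dropping `patch` from the core-group marker at new line 101 also removes it for `events`, and client-go's event recorder patches an existing Event when it aggregates repeats, so recurring events may start failing with a forbidden error under the trimmed role. If the reconciler emits events through a recorder (not visible in this hunk), give events their own marker, e.g. `// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch`, and leave `secrets;services;serviceaccounts` on the reduced verb set. The same check applies to any `Patch`, `Status().Patch` or `Delete` call the controller makes on the other resources; running the e2e suite with this role and watching the operator log for RBAC denials would confirm the verbs are really unused. The Reconciler declaration these markers follow starts outside the hunk.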
