
Commit 796a660

committed
Remove references to standard Kubernetes cluster roles
1 parent 34a424b commit 796a660


7 files changed

+3
-138
lines changed


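--- a/documentation/4.1/content/managing-operators/rbac.md
+++ b/documentation/4.1/content/managing-operators/rbac.md
@@ -141,8 +141,6 @@ the following `ClusterRoleBinding` entries are mapped to a `ClusterRole` grantin
 | | | **Update**: domains (weblogic.oracle), domains/status | |
 | | | **Create**: tokenreviews, selfsubjectrulesreviews | |
 | Operator `nonresource` | Operator `nonresource` | **Get**: /version/* | [^1] |
-| Operator `discovery` | Kubernetes `system:discovery` | **See**: [Kubernetes Discovery Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#discovery-roles) | [^3] |
-| Operator `auth-delegator` | Kubernetes `system:auth-delegator` | **See**: [Kubernetes Component Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#other-component-roles) | [^3] |
 
 
 [^1]: The binding is assigned to the operator `ServiceAccount`.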

kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-auth-delegator.tpl

Lines changed: 0 additions & 30 deletions
This file was deleted.

kubernetes/charts/weblogic-operator/templates/_operator-clusterrolebinding-discovery.tpl

Lines changed: 0 additions & 30 deletions
This file was deleted.

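--- a/kubernetes/charts/weblogic-operator/templates/_operator.tpl
+++ b/kubernetes/charts/weblogic-operator/templates/_operator.tpl
@@ -1,4 +1,4 @@
-# Copyright (c) 2018, 2022, Oracle and/or its affiliates.
+# Copyright (c) 2018, 2023, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 {{- if and (not (empty .Capabilities.APIVersions)) (not (.Capabilities.APIVersions.Has "policy/v1")) }}
@@ -14,8 +14,6 @@
 {{- include "operator.operatorClusterRoleOperatorAdmin" . }}
 {{- include "operator.operatorClusterRoleDomainAdmin" . }}
 {{- include "operator.clusterRoleBindingGeneral" . }}
-{{- include "operator.clusterRoleBindingAuthDelegator" . }}
-{{- include "operator.clusterRoleBindingDiscovery" . }}
 {{- if not (eq .domainNamespaceSelectionStrategy "Dedicated") }}
 {{- include "operator.clusterRoleBindingNonResource" . }}
 {{- end }}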
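Review bot: The second hunk removes the `operator.clusterRoleBindingAuthDelegator` and `operator.clusterRoleBindingDiscovery` includes but leaves nothing in the template saying what the operator's service account relies on instead. Dropping the `system:auth-delegator` binding is a sound least-privilege reduction, though that role also grants create on `subjectaccessreviews`, which the rbac.md table in this commit does not list among the operator's own permissions, so it is worth confirming no such call remains. For discovery, a default cluster already binds `system:discovery` to `system:authenticated`, but a hardened cluster that has trimmed that default would leave only the `nonresource` binding, and the lines just below skip it when `domainNamespaceSelectionStrategy` is `Dedicated`. I would add a comment next to the remaining includes, for example `{{/* system:discovery and system:auth-delegator are intentionally not bound; the operator uses only its own cluster roles */}}`, once that is verified.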

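--- a/kubernetes/src/test/java/oracle/kubernetes/operator/create/CreateOperatorGeneratedFilesTestBase.java
+++ b/kubernetes/src/test/java/oracle/kubernetes/operator/create/CreateOperatorGeneratedFilesTestBase.java
@@ -562,59 +562,6 @@ private V1ClusterRoleBinding getExpectedOperatorRoleBindingNonResource() {
 .apiGroup(KubernetesArtifactUtils.API_GROUP_RBAC));
 }
 
-@Test
-void generatesCorrect_operatorRoleBindingDiscovery() {
-assertThat(
-getGeneratedFiles().getOperatorRoleBindingDiscovery(),
-equalTo(getExpectedOperatorRoleBindingDiscovery()));
-}
-
-private V1ClusterRoleBinding getExpectedOperatorRoleBindingDiscovery() {
-return newClusterRoleBinding()
-.metadata(
-newObjectMeta()
-.name(
-getInputs().getNamespace() + "-weblogic-operator-clusterrolebinding-discovery")
-.putLabelsItem(OPERATORNAME_LABEL, getInputs().getNamespace()))
-.addSubjectsItem(
-newSubject()
-.kind("ServiceAccount")
-.name(getInputs().getServiceAccount())
-.namespace(getInputs().getNamespace())
-.apiGroup(""))
-.roleRef(
-newClusterRoleRef()
-.name("system:discovery")
-.apiGroup(KubernetesArtifactUtils.API_GROUP_RBAC));
-}
-
-@Test
-void generatesCorrect_operatorRoleBindingAuthDelegator() {
-assertThat(
-getGeneratedFiles().getOperatorRoleBindingAuthDelegator(),
-equalTo(getExpectedOperatorRoleBindingAuthDelegator()));
-}
-
-private V1ClusterRoleBinding getExpectedOperatorRoleBindingAuthDelegator() {
-return newClusterRoleBinding()
-.metadata(
-newObjectMeta()
-.name(
-getInputs().getNamespace()
-+ "-weblogic-operator-clusterrolebinding-auth-delegator")
-.putLabelsItem(OPERATORNAME_LABEL, getInputs().getNamespace()))
-.addSubjectsItem(
-newSubject()
-.kind("ServiceAccount")
-.name(getInputs().getServiceAccount())
-.namespace(getInputs().getNamespace())
-.apiGroup(""))
-.roleRef(
-newClusterRoleRef()
-.name("system:auth-delegator")
-.apiGroup(KubernetesArtifactUtils.API_GROUP_RBAC));
-}
-
 @Test
 void generatesCorrect_weblogicOperatorNamespaceRole() {
 assertThat(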

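--- a/kubernetes/src/test/java/oracle/kubernetes/operator/utils/GeneratedOperatorObjects.java
+++ b/kubernetes/src/test/java/oracle/kubernetes/operator/utils/GeneratedOperatorObjects.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+// Copyright (c) 2018, 2023, Oracle and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 package oracle.kubernetes.operator.utils;
@@ -82,14 +82,6 @@ public V1ClusterRoleBinding getOperatorRoleBindingNonResource() {
 return securityYaml.getOperatorRoleBindingNonResource();
 }
 
-public V1ClusterRoleBinding getOperatorRoleBindingDiscovery() {
-return securityYaml.getOperatorRoleBindingDiscovery();
-}
-
-public V1ClusterRoleBinding getOperatorRoleBindingAuthDelegator() {
-return securityYaml.getOperatorRoleBindingAuthDelegator();
-}
-
 public V1ClusterRole getWeblogicOperatorNamespaceRole() {
 return securityYaml.getWeblogicOperatorNamespaceRole();
 }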

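--- a/kubernetes/src/test/java/oracle/kubernetes/operator/utils/ParsedWeblogicOperatorSecurityYaml.java
+++ b/kubernetes/src/test/java/oracle/kubernetes/operator/utils/ParsedWeblogicOperatorSecurityYaml.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2018, 2021, Oracle and/or its affiliates.
+// Copyright (c) 2018, 2023, Oracle and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 package oracle.kubernetes.operator.utils;
@@ -55,16 +55,6 @@ public V1ClusterRoleBinding getOperatorRoleBindingNonResource() {
 .find(inputs.getNamespace() + "-weblogic-operator-clusterrolebinding-nonresource");
 }
 
-public V1ClusterRoleBinding getOperatorRoleBindingDiscovery() {
-return getClusterRoleBindings()
-.find(inputs.getNamespace() + "-weblogic-operator-clusterrolebinding-discovery");
-}
-
-public V1ClusterRoleBinding getOperatorRoleBindingAuthDelegator() {
-return getClusterRoleBindings()
-.find(inputs.getNamespace() + "-weblogic-operator-clusterrolebinding-auth-delegator");
-}
-
 public V1ClusterRole getWeblogicOperatorNamespaceRole() {
 return getClusterRoles()
 .find(inputs.getNamespace() + "-weblogic-operator-clusterrole-namespace");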
