You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by as...@apache.org on 2021/12/01 13:29:35 UTC
[camel-k] branch main updated (17365e5 -> 1725d74)
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git.
from 17365e5 fix(doc): Update Prometheus Operator setup documentation
new 43d922f chore(rbac): Remove wildcards from the operator role
new be51ab6 chore(rbac): Remove wildcards from the user aggregated role
new 61df32f chore(rbac): Remove wildcards from the builder role
new 8d0eeb7 chore(rbac): Remove pods permissions from the builder role
new 176e8aa chore(rbac): Add permissions on finalizers sub-resources to the operator SA
new 71b56f5 chore(rbac): Rebuild resources
new 1725d74 chore(e2e): Aggregate finalizers permission to the default admin role
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/workflows/openshift.yml | 17 ++++++++--
config/rbac/openshift/operator-role-openshift.yaml | 10 ++++++
config/rbac/operator-role.yaml | 35 ++++++++++++++++++--
config/rbac/user-cluster-role.yaml | 38 ++++++++++++++++++++--
pkg/resources/resources.go | 16 ++++-----
resources/builder/builder-role.yaml | 16 ++++-----
6 files changed, 108 insertions(+), 24 deletions(-)
[camel-k] 01/07: chore(rbac): Remove wildcards from the operator role
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 43d922f01889e16a68a8c275e01890a638672f8c
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 11:23:38 2021 +0100
chore(rbac): Remove wildcards from the operator role
---
config/rbac/operator-role.yaml | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/config/rbac/operator-role.yaml b/config/rbac/operator-role.yaml
index cc7fd7b..613ac5e 100644
--- a/config/rbac/operator-role.yaml
+++ b/config/rbac/operator-role.yaml
@@ -25,9 +25,40 @@ rules:
- apiGroups:
- camel.apache.org
resources:
- - "*"
+ - builds
+ - camelcatalogs
+ - integrationkits
+ - integrationplatforms
+ - integrations
+ - kameletbindings
+ - kamelets
verbs:
- - "*"
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds
+ verbs:
+ - delete
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds/status
+ - camelcatalogs/status
+ - integrationkits/status
+ - integrationplatforms/status
+ - integrations/status
+ - kameletbindings/status
+ - kamelets/status
+ verbs:
+ - get
+ - patch
+ - update
- apiGroups:
- ""
resources:
[camel-k] 07/07: chore(e2e): Aggregate finalizers permission to the default admin role
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 1725d7427bf318340d240161ea36c88197dbd884
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 21:01:27 2021 +0100
chore(e2e): Aggregate finalizers permission to the default admin role
---
.github/workflows/openshift.yml | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/openshift.yml b/.github/workflows/openshift.yml
index f416e73..36c7c7a 100644
--- a/.github/workflows/openshift.yml
+++ b/.github/workflows/openshift.yml
@@ -170,7 +170,6 @@ jobs:
metadata:
name: camel-k-test:eviction
labels:
- app: "camel-k"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: [""]
@@ -178,7 +177,7 @@ jobs:
verbs: ["create"]
EOF
- # Aggregate nodes permission to the default admin role
+ # Grant nodes permission to the default developer user
cat <<EOF | oc apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@@ -203,6 +202,20 @@ jobs:
apiGroup: rbac.authorization.k8s.io
EOF
+ # Aggregate finalizers permission to the default admin role
+ cat <<EOF | oc apply -f -
+ kind: ClusterRole
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: camel-k-test:finalizers
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rules:
+ - apiGroups: ["camel.apache.org"]
+ resources: ["*/finalizers"]
+ verbs: ["update"]
+ EOF
+
# Login as normal user
oc login -u developer
[camel-k] 06/07: chore(rbac): Rebuild resources
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 71b56f5183dfa4d7a6eb598e9fd2bde639fa7519
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 19:17:25 2021 +0100
chore(rbac): Rebuild resources
---
pkg/resources/resources.go | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go
index c285994..4f08fd5 100644
--- a/pkg/resources/resources.go
+++ b/pkg/resources/resources.go
@@ -95,9 +95,9 @@ var assets = func() http.FileSystem {
"/builder/builder-role.yaml": &vfsgen۰CompressedFileInfo{
name: "builder-role.yaml",
modTime: time.Time{},
- uncompressedSize: 1451,
+ uncompressedSize: 1462,
- compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x54\xc1\x6e\x1b\x37\x10\xbd\xf3\x2b\x1e\x76\x2f\x49\x61\x49\x6d\x4f\x85\x7a\x52\x1d\xbb\x5d\x34\x90\x00\xaf\xd2\x20\x47\x8a\x3b\xda\x1d\x98\x4b\xb2\x43\xae\x37\xee\xd7\x17\xa4\xa4\x46\xae\x2f\x09\x10\x5e\x34\xa4\x1e\xdf\xbc\xc7\x37\x52\x8d\xc5\xf7\x5b\xaa\xc6\x7b\x36\xe4\x22\x75\x48\x1e\x69\x20\x6c\x82\x36\x03\xa1\xf5\xc7\x34\x6b\x21\xdc\xfb\xc9\x75\x3a\xb1\x77\x78\xb3\x69\xef\xdf\x62\x72\x1d\x09\xbc\x23\x78\xc1\x [...]
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x54\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x4f\x85\x7b\x72\x37\xbb\xad\xd0\xc0\x06\x56\x4e\x83\x1c\xc7\xd2\x58\x1a\x98\x22\xd5\x21\xb5\xca\xf6\xd7\x17\xa4\xed\xee\x06\x8b\x16\x41\x10\x5d\x4c\xd3\x8f\xef\x83\x6f\xac\x02\xcb\xef\xf7\x98\x02\xef\xa5\x61\x17\xb8\x45\xf4\x88\x3d\x63\x33\x52\xd3\x33\x6a\x7f\x8c\x33\x29\xe3\xde\x4f\xae\xa5\x28\xde\xe1\xcd\xa6\xbe\x7f\x8b\xc9\xb5\xac\xf0\x8e\xe1\x15\x [...]
},
"/builder/builder-service-account.yaml": &vfsgen۰CompressedFileInfo{
name: "builder-service-account.yaml",
@@ -273,9 +273,9 @@ var assets = func() http.FileSystem {
"/rbac/openshift/operator-role-openshift.yaml": &vfsgen۰CompressedFileInfo{
name: "operator-role-openshift.yaml",
modTime: time.Time{},
- uncompressedSize: 1975,
+ uncompressedSize: 2190,
- compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x53\xc1\x8e\xdb\x46\x0c\xbd\xeb\x2b\x1e\xac\x4b\x02\xac\xe5\xb6\xa7\xc2\x3d\xb9\xc9\x6e\x6b\x34\xb0\x81\x95\xd3\x20\x47\x7a\x44\x4b\xc4\x8e\x86\xea\xcc\x68\x95\xed\xd7\x17\x33\xb6\x13\x6f\xdd\x6d\x2e\x01\xa2\x8b\x68\xf2\x89\x7c\x8f\x8f\x2e\x31\xff\x76\x4f\x51\xe2\x9d\x18\x76\x81\x1b\x44\x45\xec\x18\xab\x81\x4c\xc7\xa8\xf5\x10\x27\xf2\x8c\x3b\x1d\x5d\x43\x51\xd4\xe1\xd5\xaa\xbe\x7b\x8d\xd1\x35\xec\xa1\x8e\xa1\x1e\x [...]
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x53\xc1\x8e\xdb\x46\x0c\xbd\xeb\x2b\x08\xeb\x92\x00\x6b\xa9\xed\xa9\x70\x4f\xee\x66\xb7\x35\x1a\xd8\xc0\xca\x69\x90\x23\x35\xa2\x25\xc2\xa3\xa1\xca\x19\xad\xb2\xf9\xfa\x62\xc6\x76\xe2\xac\xe3\xcd\x25\x40\x74\x11\x4d\x3e\x93\xef\xf1\x51\x39\xcc\x7f\xdc\x93\xe5\xf0\x96\x0d\x39\x4f\x0d\x04\x81\xd0\x11\x2c\x07\x34\x1d\x41\x25\xbb\x30\xa1\x12\xdc\xcb\xe8\x1a\x0c\x2c\x0e\x5e\x2d\xab\xfb\xd7\x30\xba\x86\x14\xc4\x11\x88\x [...]
},
"/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml": &vfsgen۰CompressedFileInfo{
name: "operator-cluster-role-binding-custom-resource-definitions.yaml",
@@ -371,9 +371,9 @@ var assets = func() http.FileSystem {
"/rbac/operator-role.yaml": &vfsgen۰CompressedFileInfo{
name: "operator-role.yaml",
modTime: time.Time{},
- uncompressedSize: 2376,
+ uncompressedSize: 2879,
- compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x55\xc1\x6e\xe3\x36\x10\xbd\xeb\x2b\x1e\xac\xcb\x6e\x11\xdb\x6d\x4f\x85\x7b\x72\xb3\x49\x6b\x74\x61\x03\x91\xb7\x8b\x3d\x52\xd4\x58\x9e\x86\xe2\xb0\x43\x2a\x8e\xfb\xf5\x05\x65\xbb\xeb\xac\x13\x20\x87\x45\xb7\xba\x78\x48\x8d\xde\xbc\x37\xf3\x4c\x96\x18\x7f\xbd\xa7\x28\xf1\x9e\x2d\xf9\x48\x0d\x92\x20\x6d\x09\xf3\x60\xec\x96\x50\xc9\x26\xed\x8c\x12\x6e\xa5\xf7\x8d\x49\x2c\x1e\x6f\xe6\xd5\xed\x5b\xf4\xbe\x21\x85\x78\x [...]
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xcc\x56\xc1\x6e\xdb\x46\x10\xbd\xf3\x2b\x06\xe2\x25\x01\x6c\xa9\xed\xa9\x50\x4f\x6a\x62\xb7\x42\x03\x09\x30\x95\x06\x39\x0e\x97\x23\x6a\xaa\xe5\xce\x76\x76\x69\x59\xfd\xfa\x62\x29\x2a\xa6\x4d\x2b\x28\x9a\xa0\x29\x2f\x5e\xee\x8e\xdf\xbc\xf7\xe6\xad\xcd\x1c\xae\xbf\xde\x93\xe5\xf0\x8e\x0d\xb9\x40\x15\x44\x81\xb8\x23\x58\x78\x34\x3b\x82\x42\xb6\xf1\x80\x4a\x70\x2b\xad\xab\x30\xb2\x38\x78\xb5\x28\x6e\x5f\x43\xeb\x2a\x52\x [...]
},
"/rbac/patch-role-to-clusterrole.yaml": &vfsgen۰CompressedFileInfo{
name: "patch-role-to-clusterrole.yaml",
@@ -392,9 +392,9 @@ var assets = func() http.FileSystem {
"/rbac/user-cluster-role.yaml": &vfsgen۰CompressedFileInfo{
name: "user-cluster-role.yaml",
modTime: time.Time{},
- uncompressedSize: 1315,
+ uncompressedSize: 1825,
- compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\xc1\x8e\xdb\x36\x10\xbd\xf3\x2b\x1e\xa4\x4b\x52\xac\xe5\xb6\xa7\x42\x3d\xb9\x9b\xdd\x56\x68\x60\x03\x2b\xa7\x41\x50\xf4\x40\x8b\x63\x69\xb0\x14\xa9\x0e\xa9\x55\xb6\x5f\x5f\x90\xb6\x37\x5e\x14\x3d\x04\x08\x6f\x24\x87\x6f\xde\x9b\xf7\x58\x62\xf5\xed\x96\x2a\xf1\x9e\x3b\x72\x81\x0c\xa2\x47\x1c\x08\x9b\x49\x77\x03\xa1\xf5\xc7\xb8\x68\x21\xdc\xfb\xd9\x19\x1d\xd9\x3b\xbc\xd9\xb4\xf7\x6f\x31\x3b\x43\x02\xef\x08\x5e\x [...]
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x54\x4f\x6f\xdb\xc6\x13\xbd\xf3\x53\x3c\x90\x97\x04\xb0\xa4\xdf\xaf\xa7\x42\x3d\xa9\x8e\xdd\x0a\x0d\x24\xc0\x54\x1a\xe4\x38\xe2\x8e\xa8\x81\x96\xbb\xec\xee\xd0\x8c\xfb\xe9\x8b\x5d\x49\xb6\x1c\xc5\x87\x16\xe1\x85\xcb\xf9\xf3\xe6\xcd\x9b\x59\x56\x98\xfc\xb8\xa7\xa8\xf0\x51\x1a\x76\x91\x0d\xd4\x43\xf7\x8c\x45\x4f\xcd\x9e\x51\xfb\x9d\x8e\x14\x18\xf7\x7e\x70\x86\x54\xbc\xc3\xbb\x45\x7d\xff\x1e\x83\x33\x1c\xe0\x1d\xc3\x [...]
},
"/samples": &vfsgen۰DirInfo{
name: "samples",
[camel-k] 02/07: chore(rbac): Remove wildcards from the user aggregated role
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit be51ab69973716e69e4fb9e6fd91544b58aaeaa9
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 11:24:16 2021 +0100
chore(rbac): Remove wildcards from the user aggregated role
---
config/rbac/user-cluster-role.yaml | 38 +++++++++++++++++++++++++++++++++++---
1 file changed, 35 insertions(+), 3 deletions(-)
diff --git a/config/rbac/user-cluster-role.yaml b/config/rbac/user-cluster-role.yaml
index 1a901d5..ed6a661 100644
--- a/config/rbac/user-cluster-role.yaml
+++ b/config/rbac/user-cluster-role.yaml
@@ -25,6 +25,38 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
-- apiGroups: ["camel.apache.org"]
- resources: ["*"]
- verbs: ["*"]
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds
+ - camelcatalogs
+ - integrationkits
+ - integrationplatforms
+ - integrations
+ - kameletbindings
+ - kamelets
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds/status
+ - camelcatalogs/status
+ - integrationkits/status
+ - integrationplatforms/status
+ - integrations/scale
+ - integrations/status
+ - kameletbindings/scale
+ - kameletbindings/status
+ - kamelets/status
+ verbs:
+ - get
+ - patch
+ - update
[camel-k] 05/07: chore(rbac): Add permissions on finalizers sub-resources to the operator SA
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 176e8aa3d0a7373a0ea1a1ae68bfb13e91b68ee2
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 19:16:17 2021 +0100
chore(rbac): Add permissions on finalizers sub-resources to the operator SA
---
config/rbac/openshift/operator-role-openshift.yaml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/config/rbac/openshift/operator-role-openshift.yaml b/config/rbac/openshift/operator-role-openshift.yaml
index 23d67b4..bebcb59 100644
--- a/config/rbac/openshift/operator-role-openshift.yaml
+++ b/config/rbac/openshift/operator-role-openshift.yaml
@@ -23,6 +23,16 @@ metadata:
app: "camel-k"
rules:
- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds/finalizers
+ - integrationkits/finalizers
+ - integrationplatforms/finalizers
+ - integrations/finalizers
+ - kameletbindings/finalizers
+ verbs:
+ - update
+- apiGroups:
- ""
- "build.openshift.io"
resources:
[camel-k] 03/07: chore(rbac): Remove wildcards from the builder role
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 61df32f359899021776c0806f440b95903edb5fc
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 11:24:43 2021 +0100
chore(rbac): Remove wildcards from the builder role
---
resources/builder/builder-role.yaml | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/resources/builder/builder-role.yaml b/resources/builder/builder-role.yaml
index 172eca7..7051f64 100644
--- a/resources/builder/builder-role.yaml
+++ b/resources/builder/builder-role.yaml
@@ -25,9 +25,20 @@ rules:
- apiGroups:
- camel.apache.org
resources:
- - "*"
+ - builds
+ - camelcatalogs
+ - integrationkits
verbs:
- - "*"
+ - get
+ - list
+- apiGroups:
+ - camel.apache.org
+ resources:
+ - builds/status
+ verbs:
+ - get
+ - patch
+ - update
- apiGroups:
- ""
resources:
[camel-k] 04/07: chore(rbac): Remove pods permissions from the builder role
Posted by as...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 8d0eeb73182f0b6a13c78c7f51e4dea9b96e8d1a
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Tue Nov 30 11:26:58 2021 +0100
chore(rbac): Remove pods permissions from the builder role
---
resources/builder/builder-role.yaml | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/resources/builder/builder-role.yaml b/resources/builder/builder-role.yaml
index 7051f64..e3642eb 100644
--- a/resources/builder/builder-role.yaml
+++ b/resources/builder/builder-role.yaml
@@ -42,19 +42,6 @@ rules:
- apiGroups:
- ""
resources:
- - pods
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- configmaps
- secrets
verbs: