#78 mbox-operator perms
Closed: Fixed 3 years ago by dkirwan. Opened 3 years ago by lrossett.

Hello,

I need that the mbox-operator service account in mbbox namespace to have access to route resources (all verbs).

Cluster: https://console-openshift-console.apps.ocp.stg.ci.centos.org

Applying this role definition should do the trick: https://paste.centos.org/view/abaee7a2


Metadata Update from @dkirwan:
- Issue assigned to dkirwan

3 years ago

Metadata Update from @dkirwan:
- Issue priority set to: None (was: Needs Review)
- Issue tagged with: centos-ci-infra, low-trouble, medium-gain

3 years ago

I've updated the mbbox admin group with some extra roles:

  - verbs:
      - '*'
    apiGroups:
      - route.openshift.io
    resources:
      - routes
  - verbs:
      - get
      - create
      - delete
      - patch
      - update
      - watch
      - list
    apiGroups:
      - ''
    resources:
      - events
  - verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
    apiGroups:
      - ''
    resources:
      - services/finalizers
  - verbs:
      - update
    apiGroups:
      - apps
    resources:
      - deployments/finalizers
      - mbox-operator
  - verbs:
      - '*'
    apiGroups:
      - apps.fedoraproject.org
    resources:
      - '*'
  - verbs:
      - '*'
    apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
  - verbs:
      - '*'
    apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
  - verbs:
      - '*'
    apiGroups:
      - route.openshift.io/v1
    resources:
      - routes

Verified the new permissions work with @lrossett

Metadata Update from @dkirwan:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata
Boards 1
CentOS CI Infra Status: Done