From 22bab438ebb8a9b36a2ae663f0916d130da5929d Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Fri, 30 Jun 2017 10:44:21 -0400 Subject: [PATCH] One more fix to SDN controller perms --- pkg/cmd/server/bootstrappolicy/controller_policy.go | 2 +- test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/cmd/server/bootstrappolicy/controller_policy.go b/pkg/cmd/server/bootstrappolicy/controller_policy.go index 4824ed8bfea9..113c847c4e01 100644 --- a/pkg/cmd/server/bootstrappolicy/controller_policy.go +++ b/pkg/cmd/server/bootstrappolicy/controller_policy.go @@ -206,7 +206,7 @@ func init() { ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + InfraSDNControllerServiceAccountName}, Rules: []rbac.PolicyRule{ rbac.NewRule("get", "create", "update").Groups(networkGroup, legacyNetworkGroup).Resources("clusternetworks").RuleOrDie(), - rbac.NewRule("get", "list", "watch", "create", "delete").Groups(networkGroup, legacyNetworkGroup).Resources("hostsubnets").RuleOrDie(), + rbac.NewRule("get", "list", "watch", "create", "update", "delete").Groups(networkGroup, legacyNetworkGroup).Resources("hostsubnets").RuleOrDie(), rbac.NewRule("get", "list", "watch", "create", "update", "delete").Groups(networkGroup, legacyNetworkGroup).Resources("netnamespaces").RuleOrDie(), rbac.NewRule("get", "list").Groups(kapiGroup).Resources("pods").RuleOrDie(), rbac.NewRule("get", "list", "watch").Groups(kapiGroup).Resources("services").RuleOrDie(), diff --git a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml index 1f9ea22d85e8..af849500c91d 100644 --- a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml +++ b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml @@ -3631,6 +3631,7 @@ items: - delete - get - list + - update - watch - apiGroups: - ""