From 5a9d48bf5caa7d386bce01ad422595887fa1ec6f Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Thu, 4 May 2023 11:28:14 +0100 Subject: [PATCH] fix(helm): explode verbs instead of wildcarding --- helm/templates/rbac.yaml | 20 +++++++++++++++++-- helm/tests/testdata/default_values.golden | 20 +++++++++++++++++-- helm/tests/testdata/labels_annotations.golden | 20 +++++++++++++++++-- helm/tests/testdata/sa.golden | 20 +++++++++++++++++-- helm/tests/testdata/tls.golden | 20 +++++++++++++++++-- 5 files changed, 90 insertions(+), 10 deletions(-) diff --git a/helm/templates/rbac.yaml b/helm/templates/rbac.yaml index d11ac555c558e..c5fae5d3a2616 100644 --- a/helm/templates/rbac.yaml +++ b/helm/templates/rbac.yaml @@ -7,10 +7,26 @@ metadata: rules: - apiGroups: [""] resources: ["pods"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm/tests/testdata/default_values.golden b/helm/tests/testdata/default_values.golden index e9f92678d4809..1c859bc609960 100644 --- a/helm/tests/testdata/default_values.golden +++ b/helm/tests/testdata/default_values.golden @@ -22,10 +22,26 @@ metadata: rules: - apiGroups: [""] resources: ["pods"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm/tests/testdata/labels_annotations.golden b/helm/tests/testdata/labels_annotations.golden index f980dddf84b44..761b27af2f2e1 100644 --- a/helm/tests/testdata/labels_annotations.golden +++ b/helm/tests/testdata/labels_annotations.golden @@ -22,10 +22,26 @@ metadata: rules: - apiGroups: [""] resources: ["pods"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm/tests/testdata/sa.golden b/helm/tests/testdata/sa.golden index a6531600df4c7..250d3e1e5079d 100644 --- a/helm/tests/testdata/sa.golden +++ b/helm/tests/testdata/sa.golden @@ -22,10 +22,26 @@ metadata: rules: - apiGroups: [""] resources: ["pods"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 diff --git a/helm/tests/testdata/tls.golden b/helm/tests/testdata/tls.golden index 81a5e68f06436..4d98456364209 100644 --- a/helm/tests/testdata/tls.golden +++ b/helm/tests/testdata/tls.golden @@ -22,10 +22,26 @@ metadata: rules: - apiGroups: [""] resources: ["pods"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["*"] + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- # Source: coder/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1