upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-03-23 02:43:58 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata
History
Kirill Shirinkin 5e9da75df2 Allow aggregate-to-view roles to get jobs status (#77866) 
* Allow aggregate-to-edit roles to get jobs status

Right now users/accounts with role `admin` or `edit` can create, update and delete jobs, but are not allowed to pull the status of a job that they create.  This change extends `aggregate-to-edit` rules to include `jobs/status`.

* Move jobs/status to aggregate-to-view rules

* Add aggregate-to-view policy to view PVCs status

* Update fixtures to include new read permissions

* Add more status subresources

* Update cluster-roles.yaml

* Re-order deployment permissions

* Run go fmt

* Add more permissions

* Fix tests

* Re-order permissions in test data

* Automatically update yamls
2019-07-26 11:59:22 -07:00
..
cluster-role-bindings.yaml Move cloud-specific roles out of RBAC bootstrap 2019-04-02 19:17:53 +08:00
cluster-roles.yaml Allow aggregate-to-view roles to get jobs status (#77866) 2019-07-26 11:59:22 -07:00
controller-role-bindings.yaml Currently the root-ca-cert-publisher was shadowed by BoundServiceAccountTokenVolume feature gate. 2018-11-27 11:44:35 +08:00
controller-roles.yaml add rbac for events.k8s.io apiGroup to system:kube-scheduler 2019-07-11 16:10:32 +02:00
namespace-role-bindings.yaml Ensure controller manager and scheduler can perform delegated auth checks 2019-02-08 11:15:52 -05:00
namespace-roles.yaml add rbac for events.k8s.io apiGroup to system:kube-scheduler 2019-07-11 16:10:32 +02:00