mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-03-18 16:47:25 -04:00
7f87337b8b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add RBAC policies for NetworkPolicy **What this PR does / why we need it**: When using RBAC, none of the namespace-level roles currently have permission to do anything with NetworkPolicy. (Only cluster-admin does, by virtue of having permission on "*".) This fixes it so "admin" and "edit" have read/write permission, and "view" has read-only permission. I added permission for both the extensions and networking objects, which I believe is correct as long as both of them exist? (This would be nice to fix in 1.9, although it's not a regression. It's always been broken.) **Release note**: ```release-note When using Role-Based Access Control, the "admin", "edit", and "view" roles now have the expected permissions on NetworkPolicy resources. ``` |
||
|---|---|---|
| .. | ||
| testdata | ||
| BUILD | ||
| controller_policy.go | ||
| controller_policy_test.go | ||
| namespace_policy.go | ||
| policy.go | ||
| policy_test.go | ||