  1. Red Hat Advanced Cluster Management
  2. ACM-14544

ACM a ClusterRole to enable fine-grained RBAC for ApplicationSets should not depend on AppSub


      Epic Goal

      ...

      This ClusterRole needs to work without any references to Application....

      ---
      kind: ClusterRole
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: open-cluster-management:subscription-admin-customized
      rules:
      # Argo CD resources, including ApplicationSets
      - verbs:
          - create
          - get
          - list
          - watch
          - update
          - delete
          - deletecollection
          - patch
        apiGroups:
          - argoproj.io
        resources:
          - applications
          - applications/status
          - argocds
          - applicationsets
      # Application resources in the app.k8s.io group
      - verbs:
          - create
          - get
          - list
          - watch
          - update
          - delete
          - deletecollection
          - patch
        apiGroups:
          - app.k8s.io
        resources:
          - applications
      # Wildcard access to every resource in apps.open-cluster-management.io
      - verbs:
          - '*'
        apiGroups:
          - apps.open-cluster-management.io
        resources:
          - '*'
      # Core API group: all verbs on configmaps, secrets and namespaces
      - verbs:
          - '*'
        apiGroups:
          - ''
        resources:
          - configmaps
          - secrets
          - namespaces
      # Cluster, cluster set and placement resources
      - verbs:
          - get
          - list
          - watch
          - create
          - update
          - patch
        apiGroups:
          - cluster.open-cluster-management.io
          - register.open-cluster-management.io
          - clusterview.open-cluster-management.io
        resources:
          - gitopsclusters
          - multiclusterapplicationsetreports
          - managedclustersets/join
          - managedclustersets/bind
          - managedclusters/accept
          - managedclustersets
          - managedclusters
          - managedclustersetbindings
          - placements
          - placementdecisions

      Why is this important?

      ...

      If I only want to create ApplicationSets, I really do not need that, and it is also important for the case that we do not use AppSub anymore.
      Without that, you could not use the UI, as the button is just grayed out.

      Scenarios

      ...

      Acceptance Criteria

      ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      1. ...

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Doc issue opened with a completed template. Separate doc issue
        opened for any deprecation, removal, or any current known
        issue/troubleshooting removal from the doc, if applicable.
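
An added example, not part of the issue or of ACM's code: a small evaluator that matches requests against the first four rules of the ClusterRole quoted above, then against a hypothetical trimmed copy, to show which grants disappear when the AppSub rule is dropped. It assumes `apps.open-cluster-management.io` is the AppSub API group and `subscriptions` one of its resources, and it simplifies RBAC matching to exact names and `*` (no `resourceNames`, no non-resource URLs).

```python
# Added example: evaluate RBAC rules the way Kubernetes matches them
# (a rule applies when verb, apiGroup and resource all match; '*' matches any).
ALL_VERBS = ["create", "get", "list", "watch", "update", "delete",
             "deletecollection", "patch"]

# Abridged copy of the ClusterRole rules quoted in the issue (first four rules).
RULES = [
    {"verbs": ALL_VERBS, "apiGroups": ["argoproj.io"],
     "resources": ["applications", "applications/status", "argocds",
                   "applicationsets"]},
    {"verbs": ALL_VERBS, "apiGroups": ["app.k8s.io"],
     "resources": ["applications"]},
    {"verbs": ["*"], "apiGroups": ["apps.open-cluster-management.io"],
     "resources": ["*"]},
    {"verbs": ["*"], "apiGroups": [""],
     "resources": ["configmaps", "secrets", "namespaces"]},
]

def _matches(granted, wanted):
    return "*" in granted or wanted in granted

def allowed(rules, verb, group, resource):
    """True if any rule grants `verb` on `resource` in API group `group`."""
    return any(_matches(r["verbs"], verb) and _matches(r["apiGroups"], group)
               and _matches(r["resources"], resource) for r in rules)

def without_groups(rules, groups):
    """Remove the named API groups; drop rules left with no group at all."""
    out = []
    for r in rules:
        kept = [g for g in r["apiGroups"] if g not in groups]
        if kept:
            out.append({**r, "apiGroups": kept})
    return out

def wildcard_rules(rules):
    """Rules using '*' for verbs or resources: the grants to review first."""
    return [r for r in rules if "*" in r["verbs"] or "*" in r["resources"]]

# Hypothetical trimmed role: the same rules minus the assumed AppSub group.
TRIMMED = without_groups(RULES, {"apps.open-cluster-management.io"})

if __name__ == "__main__":
    for name, rules in (("current", RULES), ("trimmed", TRIMMED)):
        print(name, "create applicationsets:",
              allowed(rules, "create", "argoproj.io", "applicationsets"),
              "| create subscriptions:",
              allowed(rules, "create", "apps.open-cluster-management.io",
                      "subscriptions"))
```

The trimmed rule set still leaves a wildcard-verb grant on `secrets`, `configmaps` and `namespaces`, which `wildcard_rules(TRIMMED)` surfaces for review.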

              fxiang@redhat.com Feng Xiang
              rhn-support-cstark Christian Stark
              David Huynh David Huynh