admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refine iam policy rules

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2019-11-02 13:28:12 +08:00
parent cae0911d46
commit 8b037cef3f
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/controller/workspace/workspace_controller.go
View File

@@ -564,6 +564,11 @@ func getWorkspaceAdmin(workspaceName string) *rbac.ClusterRole {
ResourceNames: []string{workspaceName},
Resources: []string{"workspaces", "workspaces/*"},
},
{
Verbs: []string{"watch"},
APIGroups: []string{""},
Resources: []string{"namespaces"},
},
{
Verbs: []string{"list"},
APIGroups: []string{"iam.kubesphere.io"},
@@ -630,6 +635,11 @@ func getWorkspaceViewer(workspaceName string) *rbac.ClusterRole {
ResourceNames: []string{workspaceName},
Resources: []string{"workspaces", "workspaces/*"},
},
{
Verbs: []string{"watch"},
APIGroups: []string{""},
Resources: []string{"namespaces"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{"openpitrix.io"},