From 7676a1906a4c5447f53c666f412d88a1c3bdae12 Mon Sep 17 00:00:00 2001 From: Francesco Ilario Date: Wed, 30 Apr 2025 13:17:02 +0200 Subject: [PATCH] add konflux-viewer-user-actions role to stg and prod Add the konflux-viewer-user-actions role. It provides the same rights konflux-contributor-user-actions role provides. It is required for Public view implementation. Signed-off-by: Francesco Ilario --- .../base/konflux-viewer-user-actions.yaml | 127 ++++++++++++++++++ .../production/base/kustomization.yaml | 1 + .../base/konflux-viewer-user-actions.yaml | 127 ++++++++++++++++++ .../staging/base/kustomization.yaml | 1 + 4 files changed, 256 insertions(+) create mode 100644 components/konflux-rbac/production/base/konflux-viewer-user-actions.yaml create mode 100644 components/konflux-rbac/staging/base/konflux-viewer-user-actions.yaml diff --git a/components/konflux-rbac/production/base/konflux-viewer-user-actions.yaml b/components/konflux-rbac/production/base/konflux-viewer-user-actions.yaml new file mode 100644 index 00000000000..8ce8f7af7ba --- /dev/null +++ b/components/konflux-rbac/production/base/konflux-viewer-user-actions.yaml @@ -0,0 +1,127 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: konflux-viewer-user-actions + labels: + konflux-cluster-role: "true" +rules: + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - snapshots + - verbs: + - get + - list + - watch + apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - verbs: + - get + - list + apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - releases + - releaseplans + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + - verbs: + - get + - list + - watch + apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + - verbs: + - get + - list + - watch + apiGroups: + - '' + resources: + - configmaps + - pods + - pods/log + - verbs: + - get + - list + - watch + apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + - verbs: + - get + apiGroups: + - '' + resources: + - namespaces + - verbs: + - get + apiGroups: + - project.openshift.io + resources: + - projects + - verbs: + - get + - list + - watch + apiGroups: + - batch + resources: + - cronjobs + - jobs diff --git a/components/konflux-rbac/production/base/kustomization.yaml b/components/konflux-rbac/production/base/kustomization.yaml index 583791fe927..5dc635243ca 100644 --- a/components/konflux-rbac/production/base/kustomization.yaml +++ b/components/konflux-rbac/production/base/kustomization.yaml @@ -4,4 +4,5 @@ resources: - konflux-admin-user-actions.yaml - konflux-maintainer-user-actions.yaml - konflux-contributor-user-actions.yaml + - konflux-viewer-user-actions.yaml - ../../policies/bootstrap-tenant-namespace/ diff --git a/components/konflux-rbac/staging/base/konflux-viewer-user-actions.yaml b/components/konflux-rbac/staging/base/konflux-viewer-user-actions.yaml new file mode 100644 index 00000000000..8ce8f7af7ba --- /dev/null +++ b/components/konflux-rbac/staging/base/konflux-viewer-user-actions.yaml @@ -0,0 +1,127 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: konflux-viewer-user-actions + labels: + konflux-cluster-role: "true" +rules: + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - snapshots + - verbs: + - get + - list + - watch + apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - verbs: + - get + - list + apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - releases + - releaseplans + - verbs: + - get + - list + - watch + apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + - verbs: + - get + - list + - watch + apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + - verbs: + - get + - list + - watch + apiGroups: + - '' + resources: + - configmaps + - pods + - pods/log + - verbs: + - get + - list + - watch + apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + - verbs: + - get + apiGroups: + - '' + resources: + - namespaces + - verbs: + - get + apiGroups: + - project.openshift.io + resources: + - projects + - verbs: + - get + - list + - watch + apiGroups: + - batch + resources: + - cronjobs + - jobs diff --git a/components/konflux-rbac/staging/base/kustomization.yaml b/components/konflux-rbac/staging/base/kustomization.yaml index 583791fe927..5dc635243ca 100644 --- a/components/konflux-rbac/staging/base/kustomization.yaml +++ b/components/konflux-rbac/staging/base/kustomization.yaml @@ -4,4 +4,5 @@ resources: - konflux-admin-user-actions.yaml - konflux-maintainer-user-actions.yaml - konflux-contributor-user-actions.yaml + - konflux-viewer-user-actions.yaml - ../../policies/bootstrap-tenant-namespace/