Use permissions in Azure CredentialsRequest
Instead of requesting the "Contributor" role, request the individual
permissions that the operator requires in order to manage DNS records on
Azure.

This commit resolves NE-1244.

https://issues.redhat.com/browse/NE-1244

* manifests/00-ingress-credentials-request.yaml: Replace the "Contributor"
role with a list of permissions.
* pkg/manifests/bindata.go: Regenerate.
Miciah committed Jul 20, 2023
1 parent b4b5f42 commit 2a198b1
Showing 2 changed files with 9 additions and 6 deletions.
7 changes: 5 additions & 2 deletions manifests/00-ingress-credentials-request.yaml
Expand Up @@ -49,8 +49,11 @@ spec:
providerSpec:
apiVersion: cloudcredential.openshift.io/v1
kind: AzureProviderSpec
roleBindings:
- role: Contributor
permissions:
- Microsoft.Network/dnsZones/A/delete
- Microsoft.Network/dnsZones/A/write
- Microsoft.Network/privateDnsZones/A/delete
- Microsoft.Network/privateDnsZones/A/write
---
apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
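Review bot: The new `permissions:` list grants only `write` and `delete` on A record sets in public and private zones, with no `read` action and no other record types, so any operator call that reads an existing record set or zone, or that manages a non-A record, will be denied now that `role: Contributor` is gone. Please confirm that the Azure DNS code path only issues create-or-update and delete on A records, and add a short YAML comment above the list saying which operator operation needs each permission so later additions stay minimal. Since `roleBindings` is removed outright rather than kept alongside `permissions`, the commit message should also say how credentials already minted with Contributor are narrowed on upgrade.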
8 changes: 4 additions & 4 deletions pkg/manifests/bindata.go

Some generated files are not rendered by default.
