ricoberger / vault-secrets-operator

Create Kubernetes secrets from Vault for a secure GitOps based workflow.
MIT License

RBAC fix #167

Closed margrs closed 2 years ago

margrs commented 2 years ago

See https://github.com/ricoberger/vault-secrets-operator/pull/137

amuraru commented 2 years ago

The underlying issue seems to be this marker line in https://github.com/ricoberger/vault-secrets-operator/blob/main/controllers/vaultsecret_controller.go#L53

it needs to be split in two:

// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete

so controller-gen does not override this in the future

margrs commented 2 years ago

The underlying issue seems to be this marker line in https://github.com/ricoberger/vault-secrets-operator/blob/main/controllers/vaultsecret_controller.go#L53

it needs to be split in two:

// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete

so controller-gen does not override this in the future

Thanks, @amuraru. Updated.

ricoberger commented 2 years ago

Hi @margrs and @amuraru, thanks for the fix and the review 🙂.
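
For reviewing markers like the ones proposed in this thread, the following added example (not code from this repository or from controller-gen) expands each marker into the group/resource pairs its RBAC rule matches, so a combined marker can be compared with the split form. Assumptions: the `Rule`, `ParseMarker` and `Grants` names are hypothetical, the parser handles only the simple `groups`/`resources`/`verbs` form shown above, and the combined marker in `main` is constructed for contrast, not the line from the repository.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors the apiGroups/resources/verbs fields of an RBAC PolicyRule.
type Rule struct{ Groups, Resources, Verbs []string }
const prefix = "// +kubebuilder:rbac:"

// ParseMarker reads one marker of the simple key=value form used in the thread.
func ParseMarker(line string) (r Rule, err error) {
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, prefix) {
		return r, fmt.Errorf("not an rbac marker: %q", line)
	}
	for _, kv := range strings.Split(strings.TrimPrefix(line, prefix), ",") {
		k, v, ok := strings.Cut(kv, "=")
		switch vals := strings.Split(v, ";"); {
		case ok && k == "groups":
			r.Groups = vals
		case ok && k == "resources":
			r.Resources = vals
		case ok && k == "verbs":
			r.Verbs = vals
		default:
			return r, fmt.Errorf("unsupported field %q", kv)
		}
	}
	return r, nil
}

// Grants lists the pairs a rule matches: each apiGroup with each resource.
func Grants(r Rule) (out []string) {
	for _, g := range r.Groups {
		for _, res := range r.Resources {
			out = append(out, g+"/"+res)
		}
	}
	return out
}

func main() {
	// Constructed contrast case, not the repository's line: one marker for both groups.
	both, _ := ParseMarker(prefix + "groups=core;coordination.k8s.io,resources=configmaps;leases,verbs=get")
	// One of the two split markers proposed in the thread.
	split, _ := ParseMarker(prefix + "groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete")
	fmt.Println(Grants(both), Grants(split))
}
```

The combined form matches four group/resource pairs, while each split marker matches exactly one.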