Yuvipanda has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/341191 )
Change subject: tools: Allow readonly access to all namespace objects
......................................................................
tools: Allow readonly access to all namespace objects
This isn't private information, and seems to be required for
helm to work properly
Change-Id: I5f634da42b53c076ee3f95c646a5945b8c2d8d09
---
M modules/toollabs/files/maintain-kubeusers
1 file changed, 10 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/91/341191/1
diff --git a/modules/toollabs/files/maintain-kubeusers
b/modules/toollabs/files/maintain-kubeusers
index f9e4972..b98b0ce 100755
--- a/modules/toollabs/files/maintain-kubeusers
+++ b/modules/toollabs/files/maintain-kubeusers
@@ -185,6 +185,16 @@
"apiGroup": "*",
}
}
+ yield {
+ "apiVersion": "abac.authorization.kubernetes.io/v1beta1",
+ "kind": "Policy",
+ "spec": {
+ "user": "*",
+ "resource": "namespaces",
+ "readonly": True,
+ "apiGroup": "*",
+ }
+ }
for user in users:
if user.group == 'tool':
--
To view, visit https://gerrit.wikimedia.org/r/341191
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5f634da42b53c076ee3f95c646a5945b8c2d8d09
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
