[OOM-K8S-CERT-EXTERNAL-PROVIDER] Mock implementaion enhanced
[oom/platform/cert-service.git] / certServiceK8sExternalProvider / deploy / roles.yaml
1 # ============LICENSE_START=======================================================
2 # oom-certservice-k8s-external-provider
3 # ================================================================================
4 # Copyright (c) 2019 Smallstep Labs, Inc.
5 # Modifications copyright (C) 2020 Nokia. All rights reserved.
6 # ================================================================================
7 # This source code was copied from the following git repository:
8 # https://github.com/smallstep/step-issuer
9 # The source code was modified for usage in the ONAP project.
10 # ================================================================================
11 # Licensed under the Apache License, Version 2.0 (the "License");
12 # you may not use this file except in compliance with the License.
13 # You may obtain a copy of the License at
14 #
15 #      http://www.apache.org/licenses/LICENSE-2.0
16 #
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
22 # ============LICENSE_END=========================================================
23 #
24
# Namespaced Role in `onap`; going by its name it serves the issuer
# controller's leader election.
# Security: no rule sets resourceNames, so each grant covers every object of
# that kind in the namespace rather than a single lock object. The
# RoleBinding in this file attaches this Role to the `default`
# ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: onap
  name: certservice-issuer-leader-election-role
rules:
  # Read, write and delete on all ConfigMaps in the namespace.
  # NOTE(review): if the lock ConfigMap has a fixed name, get/update/patch/
  # delete could be scoped with resourceNames (create cannot be) - confirm
  # the lock name against the controller before tightening.
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  # NOTE(review): core ConfigMaps expose no status subresource, so this rule
  # probably grants nothing - confirm before removing.
  - apiGroups: [""]
    resources: [configmaps/status]
    verbs: [get, update, patch]
  # Create-only on Events.
  - apiGroups: [""]
    resources: [events]
    verbs: [create]
---
# ClusterRole for the issuer manager (per its name): read access to Secrets,
# read/update on cert-manager CertificateRequests, and full management of
# CertServiceIssuer objects.
# Security: this is a ClusterRole and this file binds it with a
# ClusterRoleBinding, so every rule applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: certservice-issuer-manager-role
rules:
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  # Security: list and watch return full Secret contents, so this rule lets
  # the bound subject read every Secret in the cluster.
  # NOTE(review): if the issuer only needs Secrets from one namespace, grant
  # this through a namespaced Role and RoleBinding instead - confirm which
  # Secrets the controller actually reads.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, watch]
  - apiGroups: [cert-manager.io]
    resources: [certificaterequests]
    verbs: [get, list, update, watch]
  # Status subresource is granted separately from the main resource above.
  - apiGroups: [cert-manager.io]
    resources: [certificaterequests/status]
    verbs: [get, patch, update]
  # Full lifecycle control over the project's own issuer resource.
  - apiGroups: [certmanager.onap.org]
    resources: [certserviceissuers]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [certmanager.onap.org]
    resources: [certserviceissuers/status]
    verbs: [get, patch, update]
---
# ClusterRole that allows creating TokenReview and SubjectAccessReview
# requests, i.e. asking the API server to validate a bearer token and to
# answer whether a subject may perform an action.
# NOTE(review): presumably consumed by an authenticating proxy in front of
# the controller (the role name suggests so) - confirm against the
# deployment manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: certservice-issuer-proxy-role
rules:
  - apiGroups: [authentication.k8s.io]
    resources: [tokenreviews]
    verbs: [create]
  # Security: SubjectAccessReview answers reveal what other subjects are
  # authorised to do; grant it only to the identity that needs it.
  - apiGroups: [authorization.k8s.io]
    resources: [subjectaccessreviews]
    verbs: [create]
---
# Binds the leader-election Role to the `default` ServiceAccount in `onap`.
# Security: `default` is the identity of every pod in the namespace that
# sets no serviceAccountName, so all such pods inherit this Role, not only
# the issuer controller.
# NOTE(review): prefer a dedicated ServiceAccount for the controller; the
# controller's pod spec must reference it as well, so changing the subject
# here alone would remove the controller's access.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: onap
  name: certservice-issuer-leader-election-rolebinding
subjects:
  - kind: ServiceAccount
    namespace: onap
    name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: certservice-issuer-leader-election-role
---
# Cluster-wide binding of certservice-issuer-manager-role to the `default`
# ServiceAccount in `onap`.
# Security: that role grants get/list/watch on Secrets, and a
# ClusterRoleBinding applies it in every namespace. `default` is the
# identity of any pod in `onap` that sets no serviceAccountName, so each of
# those pods can read all Secrets in the cluster.
# NOTE(review): bind a dedicated ServiceAccount used only by the issuer
# controller, and change the controller's pod spec together with this
# subject so the controller keeps its access.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: certservice-issuer-manager-rolebinding
subjects:
  - kind: ServiceAccount
    namespace: onap
    name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: certservice-issuer-manager-role
---
# Cluster-wide binding of certservice-issuer-proxy-role (create on
# TokenReview and SubjectAccessReview) to the `default` ServiceAccount in
# `onap`.
# Security: every pod in `onap` that runs without an explicit
# serviceAccountName receives these permissions too.
# NOTE(review): a dedicated ServiceAccount for the component that performs
# the reviews would keep this grant off unrelated workloads - update the
# pod spec together with this subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: certservice-issuer-proxy-rolebinding
subjects:
  - kind: ServiceAccount
    namespace: onap
    name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: certservice-issuer-proxy-role