Skip to content

Commit

Permalink
doc(RHTAPWATCH-820): Project* permissions
Browse files Browse the repository at this point in the history 
Update the roles and permissions ADR to include the permissions
for the new Project Controller.

Signed-off-by: Barak Korren <[email protected]>
  • Loading branch information
@ifireball
ifireball committed Apr 1, 2024
1 parent 75b0fdb commit 382e9c3
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion ADR/0011-roles-and-permissions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ We will use the built-in Kubernetes RBAC system for AppStudio's role and permiss
| | *Service Access* | appstudio.redhat.com | get, list, watch | spiaccesstokenbindings, spiaccesschecks, spiaccesstokens, spifilecontentrequests
| | *Remote Secrets* | appstudio.redhat.com | get, list, watch | remotesecrets
| | Build Service | appstudio.redhat.com | get, list, watch | buildpipelineselectors
| | Project Controller | projctl.konflux.dev | get, list, watch | projects, projectdevelopmentstreams, projectdevelopmentstreamtemplates
| | *Configs* | | get, list, watch | configmaps
| | *Secrets* | | | secrets
| | Add User |
Expand All @@ -58,6 +59,7 @@ We will use the built-in Kubernetes RBAC system for AppStudio's role and permiss
| | *Service Access* | appstudio.redhat.com | get, list, watch, create, update, patch | spiaccesstokenbindings, spiaccesschecks, spiaccesstokens, spifilecontentrequests, spiaccesstokendataupdates
| | *Remote Secrets* | appstudio.redhat.com | get, list, watch | remotesecrets
| | Build Service | appstudio.redhat.com | get, list, watch, create | buildpipelineselectors
| | Project Controller | projctl.konflux.dev | get, list, watch, create, update, patch, delete | projects, projectdevelopmentstreams, projectdevelopmentstreamtemplates
| | *Configs* | | get, list, watch | configmaps
| | *Secrets* | | | secrets
| | Add User |
Expand All @@ -79,6 +81,7 @@ We will use the built-in Kubernetes RBAC system for AppStudio's role and permiss
| | *Service Access* | appstudio.redhat.com | get, list, watch, create, update, patch, delete | spiaccesstokenbindings, spiaccesschecks, spiaccesstokens,spifilecontentrequests, spiaccesstokendataupdates
| | *Remote Secrets* | appstudio.redhat.com | get, list, watch, create, update, patch, delete | remotesecrets
| | Build Service | appstudio.redhat.com | get, list, watch, create, update, patch, delete | buildpipelineselectors
| | Project Controller | projctl.konflux.dev | get, list, watch, create, update, patch, delete | projects, projectdevelopmentstreams, projectdevelopmentstreamtemplates
| | *Configs* | | get, list, watch, create, update, patch, delete | configmaps
| | *Secrets* | | get, list, watch, create, update, patch, delete | secrets
| | *Exec to pods* | | create | pods/exec
Expand All @@ -93,4 +96,3 @@ We will use the built-in Kubernetes RBAC system for AppStudio's role and permiss
* It will also allow us to assign the appropriate level of permissions to each role, based on the responsibilities and privileges associated with each role in our project.
* The use of the built-in Kubernetes RBAC system will improve the testability of our system, as we can use the well-documented and widely-used Kubernetes APIs for testing and validation.
* Using the built-in Kubernetes RBAC system may require some initial configuration and setup. However, it will likely require less ongoing maintenance and support compared to using a custom solution.

0 comments on commit 382e9c3

Please sign in to comment.