[api] Fix RBAC for listing of TenantNamespaces and handle system:masters

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Andrei Kvapil
2025-10-13 15:15:39 +02:00
parent a4cbc7341d
commit 2a508c4f29
2 changed files with 6 additions and 0 deletions


@@ -6,6 +6,9 @@ rules:
- apiGroups: [""]
resources: ["namespaces", "secrets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create", "update", "patch", "delete"]
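Review bot: The new `rolebindings` rule has no comment saying why the API server needs it, and read access to RoleBindings is worth justifying in the manifest itself. If this `rules:` list belongs to a ClusterRole (the kind is outside the hunk), the grant covers every namespace, so the service account can enumerate which subjects are bound to which roles cluster-wide. I would add a line above the rule such as `# read RoleBindings to decide which tenant namespaces a caller may list`. If the consumer only lists and watches, `get` could be dropped; that is inferred from the commit title and should be confirmed against the Go code.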


@@ -272,6 +272,9 @@ func (r *REST) filterAccessible(
for _, group := range u.GetGroups() {
groups[group] = struct{}{}
}
if _, ok = groups["system:masters"]; ok {
return names, nil
}
if _, ok = groups["cozystack-cluster-admin"]; ok {
return names, nil
}
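Review bot: The `system:masters` check added in the middle of this hunk returns every name without consulting RoleBindings, and nothing in the code says that the bypass is intentional or how far the group list is trusted. Both bypass groups are bare string literals; for the built-in one prefer the constant, `if _, ok = groups[user.SystemPrivilegedGroup]; ok {` (from `k8s.io/apiserver/pkg/authentication/user`, assuming that package is or can be imported in this file). Put a comment above the pair such as `// Cluster-wide admin groups skip RoleBinding filtering; membership is taken as asserted by the authenticator.` Because the decision is made purely on the group name, any configured authenticator able to emit these names yields an unfiltered listing, so the deployment's group-claim mapping should be reviewed alongside this change. filterAccessible starts before the hunk and continues after it.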