on push: make
petrkotas committed Nov 8, 2024
1 parent 194558b commit 154aa53
Showing 4 changed files with 143 additions and 308 deletions.
Expand Up @@ -32,66 +32,42 @@ spec:
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: admin-dedicated-admins
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: dedicated-admins
name: admin-dedicated-admins
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}'
patchType: merge
- complianceType: mustonlyhave
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: admin-system:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:dedicated-admin
name: admin-system:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}'
patchType: merge
- complianceType: mustonlyhave
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: openshift-operators-redhat-dedicated-admins
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dedicated-admins-project
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: dedicated-admins
name: openshift-operators-redhat-dedicated-admins
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}'
patchType: merge
- complianceType: mustonlyhave
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: openshift-operators-redhat:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dedicated-admins-project
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:dedicated-admin
name: openshift-operators-redhat:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}'
patchType: merge
pruneObjectBehavior: DeleteIfCreated
remediationAction: enforce
severity: low
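Review bot: The four `objectDefinition` entries in this hunk no longer describe a RoleBinding: `metadata`, `roleRef` and `subjects` are gone, and `applyMode`, `name`, `namespace`, `patch` and `patchType` now sit directly under `objectDefinition`, still with `complianceType: mustonlyhave` and `remediationAction: enforce`. Those look like the per-patch fields of the `patches:` list in the other file, not fields of a `rbac.authorization.k8s.io/v1` RoleBinding, and without `metadata.name` the policy presumably has nothing to match, so enforcement of the `dedicated-admins` bindings in `openshift-operators-redhat` may silently stop or error; confirm this on a test cluster. The first hunk of `hack/00-osd-managed-cluster-config-integration.yaml.tmpl` has the same shape. Since the title suggests this is `make` output, the fix likely belongs in the generator: when it emits a policy from a patch entry it should keep the full object (`metadata:` with `name`/`namespace`, plus `roleRef` and `subjects`) or skip patch entries. This file's path and the start of the enclosing `spec:` are not shown on the page.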
129 changes: 41 additions & 88 deletions hack/00-osd-managed-cluster-config-integration.yaml.tmpl
Expand Up @@ -6448,66 +6448,42 @@ objects:
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: admin-dedicated-admins
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: dedicated-admins
name: admin-dedicated-admins
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}'
patchType: merge
- complianceType: mustonlyhave
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: admin-system:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:dedicated-admin
name: admin-system:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}'
patchType: merge
- complianceType: mustonlyhave
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: openshift-operators-redhat-dedicated-admins
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dedicated-admins-project
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: dedicated-admins
name: openshift-operators-redhat-dedicated-admins
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}'
patchType: merge
- complianceType: mustonlyhave
metadataComplianceType: musthave
objectDefinition:
apiVersion: rbac.authorization.k8s.io/v1
applyMode: AlwaysApply
kind: RoleBinding
metadata:
name: openshift-operators-redhat:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dedicated-admins-project
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:dedicated-admin
name: openshift-operators-redhat:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}'
patchType: merge
pruneObjectBehavior: DeleteIfCreated
remediationAction: enforce
severity: low
Expand Down Expand Up @@ -32224,58 +32200,35 @@ objects:
kind: Namespace
metadata:
name: openshift-operators-redhat
patches:
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: admin-dedicated-admins
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: dedicated-admins
name: admin-dedicated-admins
namespace: openshift-operators-redhat
applyMode: AlwaysApply
patchType: merge
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}'
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: admin-system:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:dedicated-admin
name: admin-system:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
applyMode: AlwaysApply
patchType: merge
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}'
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: openshift-operators-redhat-dedicated-admins
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dedicated-admins-project
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: dedicated-admins
name: openshift-operators-redhat-dedicated-admins
namespace: openshift-operators-redhat
applyMode: AlwaysApply
patchType: merge
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}'
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: openshift-operators-redhat:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dedicated-admins-project
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:dedicated-admin
name: openshift-operators-redhat:serviceaccounts:dedicated-admin
namespace: openshift-operators-redhat
applyMode: AlwaysApply
patchType: merge
patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}'
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
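Review bot: In the second hunk, the four RoleBindings are now `patches:` entries instead of full objects, which changes who guarantees that they exist. A patch presumably only modifies a binding that is already present, so the source config should carry a comment such as `# RoleBinding is created by <owner>; this patch only reasserts roleRef/subjects` naming what creates `admin-dedicated-admins` and the other three. Two RBAC details matter for the JSON in `patch`. With `patchType: merge` the `subjects` array is replaced wholesale on each `applyMode: AlwaysApply` pass, dropping any subject added out of band. `roleRef` is also immutable on an existing RoleBinding, so a binding that already points at a different role would make the patch fail rather than converge. The enclosing object begins above the hunk, so its kind is not visible here.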