From f6b171efd177cb5f914d56871ce31f47a1d1c177 Mon Sep 17 00:00:00 2001 From: Saswata Mukherjee Date: Thu, 16 Nov 2023 14:47:56 +0530 Subject: [PATCH] Add sdtcs for telemeter read in RBAC (#651) Signed-off-by: Saswata Mukherjee --- configuration/observatorium/rbac.go | 9 +++++++++ resources/services/observatorium-template.yaml | 8 ++++++++ 2 files changed, 17 insertions(+) diff --git a/configuration/observatorium/rbac.go b/configuration/observatorium/rbac.go index 2a714770f28..69f77fe39a1 100644 --- a/configuration/observatorium/rbac.go +++ b/configuration/observatorium/rbac.go @@ -151,6 +151,15 @@ func GenerateRBAC(gen *mimic.Generator) { envs: []env{stagingEnv, productionEnv}, }) + // SD TCS (App-interface progressive delivery feature) + attachBinding(&obsRBAC, bindingOpts{ + name: "observatorium-sdtcs", + tenant: telemeterTenant, + signals: []signal{metricsSignal}, + perms: []rbac.Permission{rbac.Read}, + envs: []env{stagingEnv, productionEnv}, + }) + // Subwatch attachBinding(&obsRBAC, bindingOpts{ name: "observatorium-subwatch", diff --git a/resources/services/observatorium-template.yaml b/resources/services/observatorium-template.yaml index 57edad5d388..dc2de62e492 100644 --- a/resources/services/observatorium-template.yaml +++ b/resources/services/observatorium-template.yaml @@ -846,6 +846,14 @@ objects: "name": "service-account-observatorium-ccx-processing-staging" - "kind": "user" "name": "service-account-observatorium-ccx-processing" + - "name": "observatorium-sdtcs" + "roles": + - "telemeter-metrics-read" + "subjects": + - "kind": "user" + "name": "service-account-observatorium-sdtcs-staging" + - "kind": "user" + "name": "service-account-observatorium-sdtcs" - "name": "observatorium-subwatch" "roles": - "telemeter-metrics-read"