jenkinsci#507 Allow listing events

Added missing permissions for listing events by Jenkins
SylwiaBrant · Feb 12, 2021 · 82bf564 · 82bf564
1 parent 3dab502
commit 82bf564
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 4 deletions.
diff --git a/chart/jenkins-operator/templates/role.yaml b/chart/jenkins-operator/templates/role.yaml
@@ -72,6 +72,7 @@ rules:
     resources:
       - events
     verbs:
+      - get
       - watch
       - list
       - create

diff --git a/config/all_in_one_v1alpha2.yaml b/config/all_in_one_v1alpha2.yaml
@@ -104,6 +104,7 @@ rules:
   resources:
     - events
   verbs:
+    - get
     - watch
     - list
     - create

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -63,6 +63,7 @@ rules:
   resources:
     - events
   verbs:
+    - get
     - watch
     - list
     - create

diff --git a/main.go b/main.go
@@ -81,7 +81,7 @@ func main() {
 
 	isRunningInCluster, err := resources.IsRunningInCluster()
 	if err != nil {
-		fatal(errors.Wrap(err, "failed to get watch namespace"), true)
+		fatal(errors.Wrap(err, "failed to determine if operator is running in cluster"), true)
 	}
 
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
@@ -133,7 +133,7 @@ func main() {
 		fatal(errors.Wrap(err, "failed to setup events"), *debug)
 	}
 
-	//Setup controller
+	// setup controller
 	clientSet, err := kubernetes.NewForConfig(cfg)
 	if err != nil {
 		fatal(errors.Wrap(err, "failed to create Kubernetes client set"), *debug)

diff --git a/pkg/configuration/base/resources/rbac.go b/pkg/configuration/base/resources/rbac.go
@@ -62,15 +62,14 @@ func NewDefaultPolicyRules() []v1.PolicyRule {
 	readOnly := []string{getVerb, listVerb, watchVerb}
 	Default := []string{createVerb, deleteVerb, getVerb, listVerb, patchVerb, updateVerb, watchVerb}
 	create := []string{createVerb}
-	watch := []string{watchVerb}
 
 	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "pods/portforward", create))
 	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "pods", Default))
 	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "pods/exec", Default))
 	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "configmaps", readOnly))
 	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "pods/log", readOnly))
 	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "secrets", readOnly))
-	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "events", watch))
+	rules = append(rules, NewPolicyRule(EmptyAPIGroup, "events", readOnly))
 
 	rules = append(rules, NewOpenShiftPolicyRule(OpenshiftAPIGroup, "imagestreams", readOnly))
 	rules = append(rules, NewOpenShiftPolicyRule(BuildAPIGroup, "buildconfigs", readOnly))