fix: removed namespaced rbac rules since they don't actually work

marcusbooyah · marcusbooyah · commit 566dd0a070ca · 2024-04-22T11:49:53.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -104,7 +104,4 @@ KubernetesWithRetry.cs
 /Test/TestOperator/Manifests
 /Lib/Neon.Kube.Models/.buildComplete
 /Services/neon-dashboard/package-lock.json
-/Test/Test.Neon.Kube.Operator/**.yaml
-/Lib/Neon.Kube.Setup/Resources/Helm/neon-cluster-operator/crds/*.yaml
-/Lib/Neon.Kube.Setup/Resources/Helm/neon-cluster-operator/templates/clusterrole-neon-cluster-operator.yaml
-/Lib/Neon.Kube.Setup/Resources/Helm/neon-cluster-operator/templates/role-neon-cluster-operator.yaml
+*.g.yaml
diff --git a/Services/neon-cluster-operator/Controllers/GlauthController.cs b/Services/neon-cluster-operator/Controllers/GlauthController.cs
@@ -55,8 +55,7 @@ namespace NeonClusterOperator
         MaxConcurrentReconciles         = 1)]
     [RbacRule<V1Secret>(
         Verbs     = RbacVerb.All, 
-        Scope     = EntityScope.Cluster,
-        Namespace = KubeNamespace.NeonSystem)]
+        Scope     = EntityScope.Cluster)]
     [RbacRule<V1Pod>(Verbs = RbacVerb.List)]
     public class GlauthController : ResourceControllerBase<V1Secret>
     {
diff --git a/Services/neon-cluster-operator/Controllers/Sso/NeonSsoClientController.cs b/Services/neon-cluster-operator/Controllers/Sso/NeonSsoClientController.cs
@@ -50,7 +50,7 @@ namespace NeonClusterOperator
     /// </para>
     /// </summary>
     [RbacRule<V1NeonSsoClient>(Verbs = RbacVerb.All, Scope = EntityScope.Cluster, SubResources = "status")]
-    [RbacRule<V1ConfigMap>(Verbs = RbacVerb.Get | RbacVerb.Update, Scope = EntityScope.Namespaced, Namespace = KubeNamespace.NeonSystem, ResourceNames = "neon-sso-oauth2-proxy")]
+    [RbacRule<V1ConfigMap>(Verbs = RbacVerb.Get | RbacVerb.Update, Scope = EntityScope.Namespaced, ResourceNames = "neon-sso-oauth2-proxy")]
     [ResourceController(MaxConcurrentReconciles = 1)]
     public class NeonSsoClientController : ResourceControllerBase<V1NeonSsoClient>
     {
diff --git a/Services/neon-cluster-operator/Service.cs b/Services/neon-cluster-operator/Service.cs
@@ -120,7 +120,7 @@ namespace NeonClusterOperator
     /// </remarks>
     [RbacRule<V1ConfigMap>(Verbs = RbacVerb.All, Scope = EntityScope.Cluster)]
     [RbacRule<V1Secret>(Verbs = RbacVerb.All, Scope = EntityScope.Cluster)]
-    [RbacRule<V1Pod>(Verbs = RbacVerb.List, Scope = EntityScope.Namespaced, Namespace = KubeNamespace.NeonSystem)]
+    [RbacRule<V1Pod>(Verbs = RbacVerb.List, Scope = EntityScope.Namespaced)]
     public partial class Service : NeonService
     {
         private const int dexPort = 5557;

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ namespace NeonClusterOperator`
`50`	`50`	`/// </para>`
`51`	`51`	`/// </summary>`
`52`	`52`	`[RbacRule<V1NeonSsoClient>(Verbs = RbacVerb.All, Scope = EntityScope.Cluster, SubResources = "status")]`
`53`		`- [RbacRule<V1ConfigMap>(Verbs = RbacVerb.Get \| RbacVerb.Update, Scope = EntityScope.Namespaced, Namespace = KubeNamespace.NeonSystem, ResourceNames = "neon-sso-oauth2-proxy")]`
	`53`	`+ [RbacRule<V1ConfigMap>(Verbs = RbacVerb.Get \| RbacVerb.Update, Scope = EntityScope.Namespaced, ResourceNames = "neon-sso-oauth2-proxy")]`
`54`	`54`	`[ResourceController(MaxConcurrentReconciles = 1)]`
`55`	`55`	`public class NeonSsoClientController : ResourceControllerBase<V1NeonSsoClient>`
`56`	`56`	`{`
Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ namespace NeonClusterOperator`
`120`	`120`	`/// </remarks>`
`121`	`121`	`[RbacRule<V1ConfigMap>(Verbs = RbacVerb.All, Scope = EntityScope.Cluster)]`
`122`	`122`	`[RbacRule<V1Secret>(Verbs = RbacVerb.All, Scope = EntityScope.Cluster)]`
`123`		`- [RbacRule<V1Pod>(Verbs = RbacVerb.List, Scope = EntityScope.Namespaced, Namespace = KubeNamespace.NeonSystem)]`
	`123`	`+ [RbacRule<V1Pod>(Verbs = RbacVerb.List, Scope = EntityScope.Namespaced)]`
`124`	`124`	`public partial class Service : NeonService`
`125`	`125`	`{`
`126`	`126`	`private const int dexPort = 5557;`