Merge pull request #17160 from jpeeler/rbac-clusterservicebroker

openshift-merge-robot · web-flow · commit 3a62c369ab5c · 2017-11-06T15:26:18.000-08:00
Automatic merge from submit-queue (batch tested with PRs 17160, 17185). catalog: add cluster service broker admin role Note that this is just a role without a binding. (#17158)
diff --git a/pkg/oc/bootstrap/docker/openshift/rbac.go b/pkg/oc/bootstrap/docker/openshift/rbac.go
@@ -7,6 +7,11 @@ import (
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 )
 
+// Roles
+const (
+	ClusterServiceBrokerAdminRoleName = "system:openshift:clusterservicebroker-client"
+)
+
 // GetServiceCatalogRBACDelta returns a cluster role with the required rules to bootstrap service catalog
 func GetServiceCatalogRBACDelta() []rbac.ClusterRole {
 	return []rbac.ClusterRole{
@@ -36,5 +41,13 @@ func GetServiceCatalogRBACDelta() []rbac.ClusterRole {
 				rbac.NewRule("get", "list", "watch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings").RuleOrDie(),
 			},
 		},
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Name: ClusterServiceBrokerAdminRoleName,
+			},
+			Rules: []rbac.PolicyRule{
+				rbac.NewRule("create", "update", "delete", "get", "list", "watch", "patch").Groups("servicecatalog.k8s.io").Resources("clusterservicebrokers").RuleOrDie(),
+			},
+		},
 	}
 }
