(fix) Update jarvis-system-el ClusterRole permissions

Update the permissions to include: - delete configmaps - list serviceaccounts - delete secrets - list rolebindings All of which are needed when a job is re-run and the namespace and the resources in the namespace are deleted. Change-Id: I4005a11c92f480f9ab5b0d969d93fa5152f765c8
2021-03-03 23:45:03 +00:00 · 2021-03-03 23:45:03 +00:00 · 6e6a5663db
commit 6e6a5663db
parent d55c4271b4
2 changed files with 5 additions and 5 deletions
--- a/charts/jarvis-system/templates/ClusterRole-el.yaml
+++ b/charts/jarvis-system/templates/ClusterRole-el.yaml
@ -19,17 +19,17 @@ rules:
  verbs: ["list", "get", "create", "delete"]
 - apiGroups: [""]
  resources: ["configmaps"]
-  verbs: ["get", "list", "watch", "create"]
+  verbs: ["get", "list", "watch", "create", "delete"]
 # Permissions to create resources in associated TriggerTemplates
 - apiGroups: ["tekton.dev"]
  resources: ["pipelineruns", "pipelineresources", "taskruns", "pipelines","tasks"]
  verbs: ["create", "get", "list", "delete"]
 - apiGroups: [""]
  resources: ["serviceaccounts"]
-  verbs: ["impersonate", "get", "create", "delete"]
+  verbs: ["impersonate", "get", "create", "delete", "list"]
 - apiGroups: [""]
  resources: ["secrets"]
-  verbs: ["get", "list", "create"]
+  verbs: ["get", "list", "create", "delete"]
 - apiGroups: [""]
  resources: ["services"]
  verbs: ["get"]
@ -38,7 +38,7 @@ rules:
  verbs: ["get"]
 - apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["rolebindings"]
-  verbs: ["get", "create", "delete"]
+  verbs: ["get", "create", "delete", "list"]
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ClusterRole-el" ) }}
--- a/charts/jarvis-system/templates/Task-createProjectAccess.yaml
+++ b/charts/jarvis-system/templates/Task-createProjectAccess.yaml
@ -31,7 +31,7 @@ spec:
          else
            echo "Namespace already exists, delete all resources for re-run."
            kubectl delete pr -n jarvis-$(params.changeNumber)-$(params.patchSetNumber) --all
-            helm delete development-pipeline -n jarvis-$(params.changeNumber)-$(params.patchSetNumber) || true
+            helm delete development-pipeline -n jarvis-$(params.changeNumber)-$(params.patchSetNumber)
            kubectl delete role -n jarvis-$(params.changeNumber)-$(params.patchSetNumber) --all
            kubectl delete secret -n jarvis-$(params.changeNumber)-$(params.patchSetNumber) --all
            kubectl delete sa -n jarvis-$(params.changeNumber)-$(params.patchSetNumber) --all