fix: Avoid having the permission to use any scc (#619)

horis233 · web-flow · commit faada316be51 · 2021-02-18T14:35:32.000+08:00
diff --git a/bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml b/bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml
@@ -322,7 +322,13 @@ spec:
           resources:
           - '*'
           verbs:
-          - '*'
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         serviceAccountName: operand-deployment-lifecycle-manager
     strategy: deployment
   installModes:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -68,4 +68,10 @@ rules:
   resources:
   - '*'
   verbs:
-  - '*'
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

-Original file line number
+Diff line change
   resources:
   - '*'
   verbs:
 -  - '*'
 +  - create
 +  - delete
 +  - get
 +  - list
 +  - patch
 +  - update
 +  - watch