Merge pull request #4 from PaloAltoNetworks/openshift-permissions

adavid-panw · web-flow · commit 72f12cd48ff7 · 2025-06-12T00:14:57.000+03:00
add openshift permissions for compliance scanning
diff --git a/charts/konnector/Chart.yaml b/charts/konnector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.7
+version: 1.0.8
 appVersion: "1.0.0"
 maintainers:
   - name: Palo Alto Networks - Cortex KSPM team
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
@@ -135,14 +135,26 @@ system:
         - apiGroups: [""]
           resources: ["nodes"]
           verbs: ["get", "list", "patch"]
-    openshift-cluster-info:
+    openshift-permissions:
       rules:
         - apiGroups: ["config.openshift.io"]
-          resources: ["clusterversions"]
+          resources: ["clusterversions", "apiservers", "authentications", "clusteroperators", "oauths"]
           verbs: ["get", "list", "watch"]
         - apiGroups: ["aro.openshift.io"]
           resources: ["clusters"]
           verbs: ["get", "list", "watch"]
+        - apiGroups: ["operator.openshift.io"]
+          resources: ["kubeapiservers", "openshiftapiservers", "ingresscontrollers", "networks"]
+          verbs: ["get", "list", "watch"]
+        - apiGroups: ["image.openshift.io"]
+          resources: ["images", "imagestreams"]
+          verbs: ["get", "list", "watch"]
+        - apiGroups: ["route.openshift.io"]
+          resources: ["routes"]
+          verbs: ["get", "list", "watch"]
+        - apiGroups: ["security.openshift.io"]
+          resources: ["securitycontextconstraints"]
+          verbs: ["get", "list", "watch"]
     otel:
       rules:
         - apiGroups: [""]
