From 30a0a4a8387135416791f72d555d22226403f87a Mon Sep 17 00:00:00 2001
From: hardwarefresser
Date: Sat, 17 Aug 2024 10:01:42 +0200
Subject: [PATCH] Add configmap target check (#203)
* Implement configmap target check Only include permissions to configmaps if target includes configmap. This reduces permissions.
* Bump version
* change envVars to empty list
* use coalesce
* use git
---------
Co-authored-by: Christian Hopf
---
 charts/sbom-operator/Chart.yaml | 2 +-
 charts/sbom-operator/templates/clusterrole.yaml | 2 ++
 charts/sbom-operator/values.yaml | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/charts/sbom-operator/Chart.yaml b/charts/sbom-operator/Chart.yaml
index 8802c12..8eb0439 100644
--- a/charts/sbom-operator/Chart.yaml
+++ b/charts/sbom-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Catalogue all images of a Kubernetes cluster to multiple targets with Syft
 name: sbom-operator
-version: 0.37.0
+version: 0.37.1
 appVersion: 0.36.0
 home: https://github.com/ckotzbauer/sbom-operator
 sources:
diff --git a/charts/sbom-operator/templates/clusterrole.yaml b/charts/sbom-operator/templates/clusterrole.yaml
index 9759986..ea4ad91 100644
--- a/charts/sbom-operator/templates/clusterrole.yaml
+++ b/charts/sbom-operator/templates/clusterrole.yaml
@@ -18,6 +18,7 @@ rules:
 - secrets
 verbs:
 - get
+{{- if and .Values.args (hasKey .Values.args "targets") .Values.args.targets (contains "configmap" (coalesce .Values.args.targets "git")) }}
 - apiGroups:
 - ""
 resources:
@@ -27,6 +28,7 @@ rules:
 - create
 - list
 - delete
+{{- end }}
 - apiGroups:
 - ""
 resources:
diff --git a/charts/sbom-operator/values.yaml b/charts/sbom-operator/values.yaml
index 5c4e275..9cf4fa6 100644
--- a/charts/sbom-operator/values.yaml
+++ b/charts/sbom-operator/values.yaml
@@ -10,7 +10,7 @@ image:
 args: {}
-envVars: {}
+envVars: []
 jobImageMode: false
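Review bot: In charts/sbom-operator/templates/clusterrole.yaml the added guard `{{- if and .Values.args (hasKey .Values.args "targets") .Values.args.targets (contains ...) }}` carries a dead fallback: the third operand already requires `.Values.args.targets` to be truthy, so the `"git"` default inside `coalesce` can never influence the result, and on Helm builds whose `and` does not short-circuit a null `args` would still reach `hasKey`. Because this line now decides whether the ClusterRole grants at least create, list and delete on the gated resource, a single nil-safe expression is easier to audit, for example `{{- if contains "configmap" (toString (dig "targets" "" (default dict .Values.args))) }}`. `contains` is a substring test, so any targets string that merely contains "configmap" turns the rule on; splitting the value and using `has` would be stricter, assuming targets is a comma-separated string (its format is not visible here). If targets can also reach the operator by a path other than `args.targets` (for instance through `envVars`), the rule is omitted and the configmap target would presumably fail with forbidden errors, which is worth a comment next to `args` in values.yaml. The rule body sits between the two hunks and is only partly shown.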