Implement configmap target check

Only include permissions to configmaps if target includes configmap. This reduces permissions.
2024-07-16 14:27:06 +02:00 · 2024-07-16 14:27:06 +02:00 · bb2e2e37dc
parent 297aa0ddd1
commit bb2e2e37dc
1 changed files with 2 additions and 0 deletions
--- a/charts/sbom-operator/templates/clusterrole.yaml
+++ b/charts/sbom-operator/templates/clusterrole.yaml
@ -18,6 +18,7 @@ rules:
  - secrets
  verbs:
  - get
+{{- if and .Values.args (hasKey .Values.args "targets") .Values.args.targets (contains "configmap" .Values.args.targets) }}
 - apiGroups:
  - ""
  resources:
@ -27,6 +28,7 @@ rules:
  - create
  - list
  - delete
+{{- end }}
 - apiGroups:
  - ""
  resources: