diff --git a/Makefile b/Makefile
index 6cdc589d8..42249bae9 100644
--- a/Makefile
+++ b/Makefile
@@ -403,9 +403,7 @@ e2e-provider-deploy:
 e2e-deploy-manifest:
 kubectl apply -f manifest_staging/deploy/csidriver.yaml
 kubectl apply -f manifest_staging/deploy/rbac-secretproviderclass.yaml
- kubectl apply -f manifest_staging/deploy/rbac-secretproviderrotation.yaml
 kubectl apply -f manifest_staging/deploy/rbac-secretprovidersyncing.yaml
- kubectl apply -f manifest_staging/deploy/rbac-secretprovidertokenrequest.yaml
 kubectl apply -f manifest_staging/deploy/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml
 kubectl apply -f manifest_staging/deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml
 kubectl apply -f manifest_staging/deploy/role-secretproviderclasses-admin.yaml
diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation.yaml
deleted file mode 100644
index 64bbf28fa..000000000
--- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{ if .Values.enableSecretRotation }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: secretproviderrotation-role
- labels:
-{{ include "sscd.labels" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
-{{ end }}
diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml
deleted file mode 100644
index ae7908e16..000000000
--- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ if .Values.enableSecretRotation }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: secretproviderrotation-rolebinding
- labels:
-{{ include "sscd.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: secretproviderrotation-role
-subjects:
-- kind: ServiceAccount
- name: secrets-store-csi-driver
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml
deleted file mode 100644
index f81594ea0..000000000
--- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ if .Values.tokenRequests }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: secretprovidertokenrequest-role
- labels:
-{{ include "sscd.labels" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
-{{ end }}
diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest_binding.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest_binding.yaml
deleted file mode 100644
index 76abcb28b..000000000
--- a/manifest_staging/charts/secrets-store-csi-driver/templates/role-tokenrequest_binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{ if .Values.tokenRequests }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: secretprovidertokenrequest-rolebinding
- labels:
-{{ include "sscd.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: secretprovidertokenrequest-role
-subjects:
-- kind: ServiceAccount
- name: secrets-store-csi-driver
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/manifest_staging/deploy/rbac-secretproviderrotation.yaml b/manifest_staging/deploy/rbac-secretproviderrotation.yaml
deleted file mode 100644
index 24ecde822..000000000
--- a/manifest_staging/deploy/rbac-secretproviderrotation.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: secretproviderrotation-role
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: secretproviderrotation-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: secretproviderrotation-role
-subjects:
-- kind: ServiceAccount
- name: secrets-store-csi-driver
- namespace: kube-system
diff --git a/manifest_staging/deploy/rbac-secretprovidertokenrequest.yaml b/manifest_staging/deploy/rbac-secretprovidertokenrequest.yaml
deleted file mode 100644
index b97ff3d55..000000000
--- a/manifest_staging/deploy/rbac-secretprovidertokenrequest.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: secretprovidertokenrequest-role
-rules:
-- apiGroups:
- - ""
- resources:
- - serviceaccounts/token
- verbs:
- - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: secretprovidertokenrequest-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: secretprovidertokenrequest-role
-subjects:
-- kind: ServiceAccount
- name: secrets-store-csi-driver
- namespace: kube-system
diff --git a/test/bats/e2e-provider.bats b/test/bats/e2e-provider.bats
index 5e21909ed..dfb942753 100644
--- a/test/bats/e2e-provider.bats
+++ b/test/bats/e2e-provider.bats
@@ -83,8 +83,6 @@ export VALIDATE_TOKENS_AUDIENCE=$(get_token_requests_audience) run kubectl get clusterrole/secretproviderclasspodstatuses-viewer-role assert_success - run kubectl get clusterrole/secretproviderrotation-role - assert_success run kubectl get clusterrole/secretprovidersyncing-role assert_success @@ -92,20 +90,8 @@ export VALIDATE_TOKENS_AUDIENCE=$(get_token_requests_audience) run kubectl get clusterrolebinding/secretproviderclasses-rolebinding assert_success - run kubectl get clusterrolebinding/secretproviderrotation-rolebinding - assert_success - run kubectl get clusterrolebinding/secretprovidersyncing-rolebinding assert_success - - # validate token request role and rolebinding only when token requests are set - if [[ -n "${VALIDATE_TOKENS_AUDIENCE}" ]]; then - run kubectl get clusterrole/secretprovidertokenrequest-role - assert_success - - run kubectl get clusterrolebinding/secretprovidertokenrequest-rolebinding - assert_success - fi } @test "[v1alpha1] deploy e2e-provider secretproviderclass crd" {