Created
October 9, 2018 18:21
-
-
Save pweil-/e42f60e6993db7175236330d5003940d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Error from server (Forbidden): clusterrolebindings.authorization.openshift.io "dedicated-project-admin-0" is forbidden: attempt to grant extra privileges: [ | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["create"]} | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["delete"]} | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["get"]} | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["list"]} | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["patch"]} | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["update"]} | |
| PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["watch"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["create"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["delete"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["get"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["list"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["patch"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["update"]} | |
| PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["watch"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["create"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["delete"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["get"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["list"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["patch"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["update"]} | |
| PolicyRule{APIGroups:[""], Resources:["egressnetworkpolicies"], Verbs:["watch"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["delete"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["get"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["list"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["patch"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["update"]} | |
| PolicyRule{APIGroups:["network.openshift.io"], Resources:["egressnetworkpolicies"], Verbs:["watch"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["delete"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["get"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["list"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["patch"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["update"]} | |
| PolicyRule{APIGroups:["extensions"], Resources:["daemonsets"], Verbs:["watch"]}] | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ownerrules=[ | |
| PolicyRule{APIGroups:["" "user.openshift.io"], Resources:["users"], ResourceNames:["~"], Verbs:["get"]} | |
| PolicyRule{APIGroups:["" "project.openshift.io"], Resources:["projectrequests"], Verbs:["list"]} | |
| PolicyRule{APIGroups:["" "authorization.openshift.io"], Resources:["clusterroles"], Verbs:["get" "list"]} | |
| PolicyRule{APIGroups:["rbac.authorization.k8s.io"], Resources:["clusterroles"], Verbs:["get" "list" "watch"]} | |
| PolicyRule{APIGroups:["storage.k8s.io"], Resources:["storageclasses"], Verbs:["get" "list"]} | |
| PolicyRule{APIGroups:["" "project.openshift.io"], Resources:["projects"], Verbs:["list" "watch"]} | |
| PolicyRule{APIGroups:["" "authorization.openshift.io"], Resources:["selfsubjectrulesreviews"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["authorization.k8s.io"], Resources:["selfsubjectaccessreviews"], Verbs:["create"]} | |
| PolicyRule{NonResourceURLs:["/healthz" "/healthz/*"], Verbs:["get"]} | |
| PolicyRule{NonResourceURLs:["/version" "/version/*" "/api" "/api/*" "/apis" "/apis/*" "/oapi" "/oapi/*" "/openapi/v2" "/swaggerapi" "/swaggerapi/*" "/swagger.json" "/swagger-2.0.0.pb-v1" "/osapi" "/osapi/" "/.well-known" "/.well-known/*" "/"], Verbs:["get"]} | |
| PolicyRule{APIGroups:["" "authorization.openshift.io"], Resources:["rolebindings" "clusterrolebindings"], Verbs:["create" "delete" "get" "list" "patch" "update" "watch"]} | |
| PolicyRule{APIGroups:["rbac.authorization.k8s.io"], Resources:["rolebindings" "clusterrolebindings"], Verbs:["create" "delete" "get" "list" "patch" "update" "watch"]} | |
| PolicyRule{APIGroups:["authorization.openshift.io"], Resources:["clusterrolebindings"], Verbs:["get" "list" "watch"]} | |
| PolicyRule{APIGroups:["authorization.openshift.io"], Resources:["clusterrolebindings"], ResourceNames:["dedicated-project-admin-0"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["" "authorization.openshift.io"], Resources:["selfsubjectrulesreviews"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["authorization.k8s.io"], Resources:["selfsubjectaccessreviews"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["servicecatalog.k8s.io"], Resources:["clusterserviceclasses" "clusterserviceplans"], Verbs:["list" "watch" "get"]} | |
| PolicyRule{APIGroups:["authorization.k8s.io"], Resources:["selfsubjectaccessreviews" "selfsubjectrulesreviews"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["" "build.openshift.io"], Resources:["builds/docker" "builds/optimizeddocker"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["" "build.openshift.io"], Resources:["builds/jenkinspipeline"], Verbs:["create"]} | |
| PolicyRule{APIGroups:["" "build.openshift.io"], Resources:["builds/source"], Verbs:["create"]} | |
| PolicyRule{NonResourceURLs:["/version" "/version/*" "/api" "/api/*" "/apis" "/apis/*" "/oapi" "/oapi/*" "/openapi/v2" "/swaggerapi" "/swaggerapi/*" "/swagger.json" "/swagger-2.0.0.pb-v1" "/osapi" "/osapi/" "/.well-known" "/.well-known/*" "/"], Verbs:["get"]} | |
| PolicyRule{NonResourceURLs:["/version" "/version/*" "/api" "/api/*" "/apis" "/apis/*" "/oapi" "/oapi/*" "/openapi/v2" "/swaggerapi" "/swaggerapi/*" "/swagger.json" "/swagger-2.0.0.pb-v1" "/osapi" "/osapi/" "/.well-known" "/.well-known/*" "/"], Verbs:["get"]} | |
| PolicyRule{APIGroups:["" "oauth.openshift.io"], Resources:["oauthaccesstokens" "oauthauthorizetokens"], Verbs:["delete"]} | |
| PolicyRule{APIGroups:["authentication.k8s.io"], Resources:["userextras/scopes.authorization.openshift.io"], Verbs:["impersonate"]} | |
| PolicyRule{APIGroups:["" "build.openshift.io"], Resources:["buildconfigs/webhooks"], Verbs:["create" "get"]}] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment