Skip to content
This repository has been archived by the owner on Nov 11, 2021. It is now read-only.

Commit

Permalink
Fixed RBAC permissions for CICD user
Browse files Browse the repository at this point in the history
  • Loading branch information
ThomasK33 committed Feb 5, 2021
1 parent 544e66f commit 3eabab7
Show file tree
Hide file tree
Showing 4 changed files with 59 additions and 11 deletions.
30 changes: 24 additions & 6 deletions devops/kubernetes/src/charts/cicd-user/cicdUser.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ import { Chart, ChartProps } from "cdk8s";
import { Construct } from "constructs";
import {
KubeServiceAccount,
KubeRole,
KubeRoleBinding,
KubeClusterRole,
} from "../../../imports/k8s";

export class CICDUser extends Chart {
Expand All @@ -17,10 +17,9 @@ export class CICDUser extends Chart {
automountServiceAccountToken: false,
});

new KubeRole(this, "role", {
new KubeClusterRole(this, "role", {
metadata: {
name: "cicd-user-role",
namespace: "fortify",
},
rules: [
{
Expand Down Expand Up @@ -78,9 +77,9 @@ export class CICDUser extends Chart {
],
});

new KubeRoleBinding(this, "role-binding", {
new KubeRoleBinding(this, "role-binding-fortify", {
metadata: {
name: "cicd-user-global-rolebinding",
name: "cicd-user-fortify-rolebinding",
namespace: "fortify",
},
subjects: [
Expand All @@ -91,9 +90,28 @@ export class CICDUser extends Chart {
},
],
roleRef: {
kind: "Role",
apiGroup: "rbac.authorization.k8s.io",
kind: "ClusterRole",
name: "cicd-user-role",
},
});

new KubeRoleBinding(this, "role-binding-kube-system", {
metadata: {
name: "cicd-user-kube-system-rolebinding",
namespace: "kube-system",
},
subjects: [
{
kind: "ServiceAccount",
name: "cicd-user",
namespace: "fortify",
},
],
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: "ClusterRole",
name: "cicd-user-role",
},
});
}
Expand Down
2 changes: 1 addition & 1 deletion services/historization/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion services/historization/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "historization",
"version": "1.8.0",
"version": "1.8.1",
"description": "A historization service responsible for persisting info",
"author": {
"name": "Thomas Kosiewski"
Expand Down
36 changes: 33 additions & 3 deletions services/historization/src/services/matchPersistor.ts
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,17 @@ export class MatchPersistor {
for (const { id, level } of activeAlliances.sort(
(a, b) => a.id - b.id,
)) {
point = point.tag(`alliance-${id.toFixed(0)}`, level.toFixed(0));
if (
id !== null &&
id !== undefined &&
level !== null &&
level !== undefined
) {
point = point.tag(
`alliance-${id.toFixed(0)}`,
level.toFixed(0),
);
}
}

for (const item of equippedItems.sort()) {
Expand Down Expand Up @@ -180,7 +190,17 @@ export class MatchPersistor {
for (const { id, level } of activeAlliances.sort(
(a, b) => a.id - b.id,
)) {
point = point.tag(`alliance-${id.toFixed(0)}`, level.toFixed(0));
if (
id !== null &&
id !== undefined &&
level !== null &&
level !== undefined
) {
point = point.tag(
`alliance-${id.toFixed(0)}`,
level.toFixed(0),
);
}
}

return point;
Expand Down Expand Up @@ -212,7 +232,17 @@ export class MatchPersistor {
for (const { id, level } of activeAlliances.sort(
(a, b) => a.id - b.id,
)) {
point = point.tag(`alliance-${id.toFixed(0)}`, level.toFixed(0));
if (
id !== null &&
id !== undefined &&
level !== null &&
level !== undefined
) {
point = point.tag(
`alliance-${id.toFixed(0)}`,
level.toFixed(0),
);
}
}

return point;
Expand Down

0 comments on commit 3eabab7

Please sign in to comment.