added the existing custom roles to the roles.yaml

rehive · Aug 20, 2019 · da5e8ef · da5e8ef
1 parent 070e868
commit da5e8ef
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 9 deletions.
diff --git a/etc/tesserarius/roles.yaml b/etc/tesserarius/roles.yaml
@@ -72,13 +72,36 @@ platform:
     - container.secrets.get
     - container.secrets.list
     - container.secrets.update
+    - logging.exclusions.get
+    - logging.exclusions.list
+    - logging.logEntries.list
+    - logging.logMetrics.get
+    - logging.logMetrics.list
+    - logging.logServiceIndexes.list
+    - logging.logServices.list
+    - logging.logs.list
+    - logging.sinks.get
+    - logging.sinks.list
+    - logging.usage.get
     - resourcemanager.projects.get
     - serviceusage.services.use
     - storage.buckets.get
     - storage.buckets.list
     - storage.objects.create
     - storage.objects.get
     - storage.objects.list
+  - name: platform.bucket.writer
+    description: 'Role for Writing to GCS Buckets'
+    stage: ALPHA
+    title: 'Storage Bucket Writer'
+    addPermissions: []
+    removePermissions: []
+    permissions:
+    - storage.buckets.get
+    - storage.objects.create
+    - storage.objects.delete
+    - storage.objects.list
+    - storage.objects.update
 extensions:
   roles:
   - name: extensions.team.developer
@@ -153,10 +176,33 @@ extensions:
     - container.secrets.get
     - container.secrets.list
     - container.secrets.update
+    - logging.exclusions.get
+    - logging.exclusions.list
+    - logging.logEntries.list
+    - logging.logMetrics.get
+    - logging.logMetrics.list
+    - logging.logServiceIndexes.list
+    - logging.logServices.list
+    - logging.logs.list
+    - logging.sinks.get
+    - logging.sinks.list
+    - logging.usage.get
     - resourcemanager.projects.get
     - serviceusage.services.use
     - storage.buckets.get
     - storage.buckets.list
     - storage.objects.create
     - storage.objects.get
     - storage.objects.list
+  - name: extensions.bucket.writer
+    description: 'Role for Writing in GCS Buckets'
+    stage: ALPHA
+    title: 'Storage Bucket Writer'
+    addPermissions: []
+    removePermissions: []
+    permissions:
+    - storage.buckets.get
+    - storage.objects.create
+    - storage.objects.delete
+    - storage.objects.list
+    - storage.objects.update
diff --git a/etc/tesserarius/tesserarius.yaml b/etc/tesserarius/tesserarius.yaml
@@ -5,25 +5,21 @@ staging:
     zone: europe-west1-c
   kubernetes:
     cluster: staging
-    namespace: tesserarius-staging
+    namespace: tesserarius
 extensions:
   serviceAccount:
   - name: service-product-media
     displayName: "Product Service Media Writer"
     description: "Service account for the Product Service to write to the Media Bucket"
-    role: product.media.writer
-  - name: service-product-staging
-    displayName: "Product Service Admin"
-    description: "Default Service account for the Product Service"
-    role: product.default.user
+    role: extensions.bucket.writer
   - name: service-test-media
     displayName: "Test Service Media Writer"
     description: "Service account for the Test Service to write to the Media Bucket"
-    role: test.media.writer
+    role: extensions.bucket.writer
   - name: service-product-media-staging
     displayName: "Product Service Media Writer"
     description: "Service Account for the Product Service on staging to write to the Media Bucket"
-    role: product.media.writer
+    role: extensions.bucket.writer
   bindings:
   - members:
     - user:[email protected]
@@ -36,7 +32,7 @@ platform:
   - name: platform-pgbackup
     displayName: "Platform Developer"
     description: "Service Account for the Platform Developer"
-    role: patroni.backup.writer
+    role: platform.bucket.writer
   bindings:
   - members:
     - user:[email protected]