open-cluster-management.io/governance-policy-propagator@v0.13.0/test/resources/case18_compliance_api_test/wrong_service_account.yaml (about) 1 apiVersion: v1 2 kind: ServiceAccount 3 metadata: 4 name: wrong-sa 5 namespace: default 6 --- 7 apiVersion: v1 8 kind: Secret 9 type: kubernetes.io/service-account-token 10 metadata: 11 name: wrong-sa 12 annotations: 13 kubernetes.io/service-account.name: wrong-sa 14 --- 15 apiVersion: rbac.authorization.k8s.io/v1 16 kind: ClusterRole 17 metadata: 18 name: wrong-cluster-role 19 rules: 20 - apiGroups: 21 - '*' 22 resources: 23 - '*' 24 verbs: 25 - watch 26 --- 27 apiVersion: rbac.authorization.k8s.io/v1 28 kind: ClusterRoleBinding 29 metadata: 30 name: wrong-cluster-role-binding 31 roleRef: 32 apiGroup: rbac.authorization.k8s.io 33 kind: ClusterRole 34 name: wrong-cluster-role 35 subjects: 36 - kind: ServiceAccount 37 name: wrong-sa 38 namespace: default 39 --- 40 # This ensures role bindings (not cluster role bindings) are ignored in the test 41 apiVersion: rbac.authorization.k8s.io/v1 42 kind: ClusterRole 43 metadata: 44 name: wrong-cluster-role-bound-with-role-binding 45 rules: 46 - apiGroups: 47 - cluster.open-cluster-management.io 48 resources: 49 - managedclusters 50 verbs: 51 - get 52 --- 53 apiVersion: rbac.authorization.k8s.io/v1 54 kind: RoleBinding 55 metadata: 56 name: wrong-cluster-role-binding 57 namespace: default 58 roleRef: 59 apiGroup: rbac.authorization.k8s.io 60 kind: ClusterRole 61 name: wrong-cluster-role-bound-with-role-binding 62 subjects: 63 - kind: ServiceAccount 64 name: wrong-sa 65 namespace: default