
Commit e63bfaa

author
Lukas Fischer
committed
#1894 Remove unused functions and k8s permissions
The initial set of kubernetes permissions for the role in the helm template was adapted from the kubernetes AutoDiscovery, which is based on kubebuilder. The AWS Cloud AutoDiscovery manually connects to kubernetes and uses a lot fewer API permissions than the kubernetes AutoDiscovery. If future features need more permissions they can be added back again. Signed-off-by: Lukas Fischer <[email protected]>
1 parent 965c2d0 commit e63bfaa

2 files changed

Lines changed: 0 additions & 54 deletions


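--- a/auto-discovery/cloud-aws/pkg/kubernetes/kubernetes.go
+++ b/auto-discovery/cloud-aws/pkg/kubernetes/kubernetes.go
@@ -17,7 +17,6 @@ import (
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
-"k8s.io/apimachinery/pkg/types"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 "k8s.io/cli-runtime/pkg/genericclioptions"
 "sigs.k8s.io/controller-runtime/pkg/client"
@@ -185,18 +184,6 @@ func (r *CloudScanReconciler) handleDeleteRequest(ctx context.Context, req Reque
 return err
 }
 
-func (r *CloudScanReconciler) getScheduledScan(ctx context.Context, name string) (*executionv1.ScheduledScan, error) {
-scheduledScan := &executionv1.ScheduledScan{}
-err := r.Client.Get(ctx, types.NamespacedName{Name: name, Namespace: r.Config.Kubernetes.Namespace}, scheduledScan)
-return scheduledScan, err
-}
-
-func (r *CloudScanReconciler) listScheduledScans(ctx context.Context) (*executionv1.ScheduledScanList, error) {
-var scheduledscans executionv1.ScheduledScanList
-err := r.Client.List(ctx, &scheduledscans, client.InNamespace(r.Config.Kubernetes.Namespace))
-return &scheduledscans, err
-}
-
 func (r *CloudScanReconciler) createScheduledScan(ctx context.Context, scheduledScan *executionv1.ScheduledScan) (*executionv1.ScheduledScan, error) {
 scheduledScan.ObjectMeta.Namespace = r.Config.Kubernetes.Namespace
 err := r.Client.Create(ctx, scheduledScan)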

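--- a/auto-discovery/cloud-aws/templates/rbac/role.yaml
+++ b/auto-discovery/cloud-aws/templates/rbac/role.yaml
@@ -8,51 +8,10 @@ kind: Role
 metadata:
 name: auto-discovery-cloud-aws
 rules:
-- apiGroups:
-- execution.securecodebox.io
-resources:
-- scantypes
-verbs:
-- get
-- list
-- watch
 - apiGroups:
 - execution.securecodebox.io
 resources:
 - scheduledscans
 verbs:
 - create
-- get
-- list
-- patch
-- update
-- watch
 - delete
-- apiGroups:
-- execution.securecodebox.io/status
-resources:
-- scheduledscans
-verbs:
-- get
-- patch
-- update
-- apiGroups:
-- execution.securecodebox.io
-resources:
-- scans
-verbs:
-- create
-- get
-- list
-- patch
-- update
-- watch
-- delete
-- apiGroups:
-- execution.securecodebox.io/status
-resources:
-- scans
-verbs:
-- get
-- patch
-- update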
