From dbeadd6787bcbbff97b185b5bbb465310b167639 Mon Sep 17 00:00:00 2001
From: Grant
Date: Fri, 6 Sep 2024 17:15:59 -0500
Subject: [PATCH] provide users with appropriate access to resources

Users need access to a number of resources so that they can run scenarios.
---
 resources/charts/namespaces/values.yaml | 26 +++++++++-
 .../namespace-defaults.yaml | 2 +-
 .../two_namespaces_two_users/namespaces.yaml | 52 ++++++++++++++++++-
 3 files changed, 76 insertions(+), 4 deletions(-)

diff --git a/resources/charts/namespaces/values.yaml b/resources/charts/namespaces/values.yaml
index c28d2d0df..61f946879 100644
--- a/resources/charts/namespaces/values.yaml
+++ b/resources/charts/namespaces/values.yaml
@@ -9,8 +9,32 @@ roles:
 - apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["pods/log", "pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get"]
 - name: pod-manager
 rules:
 - apiGroups: [""]
 resources: ["pods"]
- verbs: ["get", "list", "watch", "create", "update", "delete"]
+ verbs: ["get", "list", "watch", "create", "delete", "update"]
+ - apiGroups: [""]
+ resources: ["pods/log", "pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get"]
\ No newline at end of file
diff --git a/resources/namespaces/two_namespaces_two_users/namespace-defaults.yaml b/resources/namespaces/two_namespaces_two_users/namespace-defaults.yaml
index c28d2d0df..91ac2fc67 100644
--- a/resources/namespaces/two_namespaces_two_users/namespace-defaults.yaml
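Review bot: In the `values.yaml` hunk, the `pod-viewer` rule granting `get` on `pods/exec`, `pods/attach` and `pods/portforward` is broader than a read-only role suggests. These connect subresources are authorized by HTTP method, and as far as I know a client that opens the stream over WebSocket sends a GET, so `get` alone can be enough to run commands in any pod of the namespace. The rule after it also lets a viewer read every Secret in the namespace by name. If viewers only need logs, narrow the first rule to `resources: ["pods/log"]`, and either drop `secrets` from the second rule or pin it with `resourceNames`. Both `namespaces.yaml` hunks repeat the same two rules, so the change applies there as well.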
+++ b/resources/namespaces/two_namespaces_two_users/namespace-defaults.yaml
@@ -12,5 +12,5 @@ roles:
 - name: pod-manager
 rules:
 - apiGroups: [""]
- resources: ["pods"]
+ resources: ["pods", "configmaps"]
 verbs: ["get", "list", "watch", "create", "update", "delete"]
diff --git a/resources/namespaces/two_namespaces_two_users/namespaces.yaml b/resources/namespaces/two_namespaces_two_users/namespaces.yaml
index 03b31696a..4172657b8 100644
--- a/resources/namespaces/two_namespaces_two_users/namespaces.yaml
+++ b/resources/namespaces/two_namespaces_two_users/namespaces.yaml
@@ -14,11 +14,35 @@ namespaces:
 - apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["pods/log", "pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get"]
 - name: pod-manager
 rules:
 - apiGroups: [""]
 resources: ["pods"]
- verbs: ["get", "list", "watch", "create", "update", "delete"]
+ verbs: ["get", "list", "watch", "create", "delete", "update"]
+ - apiGroups: [""]
+ resources: ["pods/log", "pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get"]
 - name: warnet-blue-team
 users:
 - name: mallory
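Review bot: In the `namespace-defaults.yaml` hunk, the `pod-manager` rule now gives `configmaps` the full pod verb set, including `update` and `delete`, whereas `values.yaml` in this same commit limits `configmaps` to `get` and `create`. None of the new subresource, secrets, PVC or events rules are added here either. Both files carried the same blob id (`c28d2d0df`) before this commit, so they were presumably meant to stay in step. Either mirror the rule set from `values.yaml`, or add a comment above the rule explaining why the defaults intentionally differ. The role's `pod-viewer` sibling and the start of the `roles:` list lie outside the hunk.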
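Review bot: In the first `namespaces.yaml` hunk, the `events` and `configmaps` rules grant only `get`, which authorizes reading a single object by name. Collection requests such as `kubectl get events`, or the event section of `kubectl describe pod`, need `list`. The `persistentvolumeclaims` rule beside them already has `list`, so the omission looks unintended. If users are expected to browse events, use `verbs: ["get", "list", "watch"]` on the `events` rule, and keep `secrets` at `get` only, because `list` on secrets returns every secret's contents. The same rules appear in the `values.yaml` hunk and in the second `namespaces.yaml` hunk.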
@@ -34,8 +58,32 @@ namespaces:
 - apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["pods/log", "pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get"]
 - name: pod-manager
 rules:
 - apiGroups: [""]
 resources: ["pods"]
- verbs: ["get", "list", "watch", "create", "update", "delete"]
+ verbs: ["get", "list", "watch", "create", "delete", "update"]
+ - apiGroups: [""]
+ resources: ["pods/log", "pods/exec", "pods/attach", "pods/portforward"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "create"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get"]
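Review bot: In the `pod-manager` role of this hunk (and identically in the earlier `values.yaml` and `namespaces.yaml` hunks), `configmaps` and `secrets` get `create` but neither `update` nor `delete`, while `pods` get the full lifecycle. A user who creates a ConfigMap or Secret for a scenario therefore cannot change or remove it afterwards. If scenarios do create these objects, split the rule so that `configmaps` carries `verbs: ["get", "create", "update", "delete"]` and decide separately how much of that `secrets` needs. If they do not, drop `create` rather than leave a write permission nobody uses. The `create` verb on `pods/log` in the rule above presumably has no effect, since logs are only read.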