From bda8e3bb1e3c6dcf9ad239da3f91de3c790943e6 Mon Sep 17 00:00:00 2001 From: Codex Date: Mon, 8 Jun 2026 02:17:33 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=20provider=20Secret=20create?= =?UTF-8?q?=20RBAC=20=E8=AF=AD=E4=B9=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/src/gitops-render.ts | 5 ++++- src/selftest/cases/45-provider-profile-management.ts | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/src/gitops-render.ts b/scripts/src/gitops-render.ts index 131fe0f..ce96b75 100644 --- a/scripts/src/gitops-render.ts +++ b/scripts/src/gitops-render.ts @@ -365,10 +365,13 @@ metadata: name: agentrun-v01-mgr-provider-secret-manager namespace: ${namespace} rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] - apiGroups: [""] resources: ["secrets"] resourceNames: ["agentrun-v01-provider-codex", "agentrun-v01-provider-deepseek", "agentrun-v01-provider-minimax-m3", "agentrun-v01-provider-dsflash-go"] - verbs: ["create", "get", "patch", "update"] + verbs: ["get", "patch", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/src/selftest/cases/45-provider-profile-management.ts b/src/selftest/cases/45-provider-profile-management.ts index 33c0aee..36c89eb 100644 --- a/src/selftest/cases/45-provider-profile-management.ts +++ b/src/selftest/cases/45-provider-profile-management.ts @@ -12,7 +12,8 @@ const secretText = "sk-selftest-provider-profile-secret"; const selfTest: SelfTestCase = async (context) => { const gitopsRenderer = await readFile(path.join(context.root, "scripts/src/gitops-render.ts"), "utf8"); assert.equal(gitopsRenderer.includes("agentrun-v01-mgr-provider-secret-manager"), true); - assert.equal(gitopsRenderer.includes('verbs: ["create", "get", "patch", "update"]'), true); + assert.equal(gitopsRenderer.includes('verbs: ["create"]'), true); + assert.equal(gitopsRenderer.includes('verbs: ["get", "patch", "update"]'), true); assert.equal(gitopsRenderer.includes('resourceNames: ["agentrun-v01-provider-codex", "agentrun-v01-provider-deepseek", "agentrun-v01-provider-minimax-m3", "agentrun-v01-provider-dsflash-go"]'), true); for (const profile of ["codex", "deepseek", "minimax-m3", "dsflash-go"]) { assert.equal(gitopsRenderer.includes(`agentrun-v01-provider-${profile}`), true);