From 684df8635b0766e771d349b9712c776f0f2c174e Mon Sep 17 00:00:00 2001
From: Yadong Zhang <yadongzhang@tencent.com>
Date: Thu, 13 Feb 2020 21:14:16 +0800
Subject: [PATCH] Fix: add nonResourcePath into abac policy config (#131)

---
 .../app/installer/manifests/tke-auth-api/tke-auth-api.yaml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml b/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
index d6dc2c69c..93e7a4f83 100644
--- a/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
+++ b/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
@@ -80,7 +80,7 @@ metadata:
   namespace: tke
 data:
   abac-policy.json: |
-    {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*"}}
+    {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
   tke-auth-api.toml: |
     [secure_serving]
     tls_cert_file = "/app/certs/server.crt"