From aedf5cc0ccb0ae654e647524b5e76931104abea9 Mon Sep 17 00:00:00 2001
From: Nicolas MASSE <nicolas.masse@itix.fr>
Date: Mon, 21 Feb 2022 16:00:39 +0100
Subject: [PATCH] split roles

---
 cicd/03-rolebindings.yaml       | 14 --------------
 deployment/03-rolebindings.yaml | 13 +++++++++++++
 2 files changed, 13 insertions(+), 14 deletions(-)
 create mode 100644 deployment/03-rolebindings.yaml

diff --git a/cicd/03-rolebindings.yaml b/cicd/03-rolebindings.yaml
index fe9d5cb..9be2db7 100644
--- a/cicd/03-rolebindings.yaml
+++ b/cicd/03-rolebindings.yaml
@@ -11,17 +11,3 @@ subjects:
 - kind: ServiceAccount
   name: default
   namespace: vulnerable-log4j
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cicd-can-admin-this-namespace
-  namespace: vulnerable-log4j
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: edit
-subjects:
-- kind: ServiceAccount
-  name: pipeline
-  namespace: vulnerable-cicd
diff --git a/deployment/03-rolebindings.yaml b/deployment/03-rolebindings.yaml
new file mode 100644
index 0000000..f48cbe5
--- /dev/null
+++ b/deployment/03-rolebindings.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cicd-can-admin-this-namespace
+  namespace: vulnerable-log4j
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- kind: ServiceAccount
+  name: pipeline
+  namespace: vulnerable-cicd