3f2a02cf98
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497) Allow rolebinding/clusterrolebinding with explicit bind permission check Fixes https://github.com/kubernetes/kubernetes/issues/39176 Fixes https://github.com/kubernetes/kubernetes/issues/39258 Allows creating/updating a rolebinding/clusterrolebinding if the user has explicitly been granted permission to perform the "bind" verb against the referenced role/clusterrole (previously, they could only bind if they already had all the permissions in the referenced role via an RBAC role themselves) ```release-note To create or update an RBAC RoleBinding or ClusterRoleBinding object, a user must: 1. Be authorized to make the create or update API request 2. Be allowed to bind the referenced role, either by already having all of the permissions contained in the referenced role, or by having the "bind" permission on the referenced role. ```
These resources are used to add extra (non-default) bindings to e2e to match users and groups that are particular to the e2e environment. These are not standard bootstrap bindings and not standard users they are bound to. This is not a recipe for adding bootstrap bindings.