Skip to content

Commit

Permalink
Merge pull request #543 from jakobmoellerdev/OCPBUGS-27226
Browse files Browse the repository at this point in the history
OCPBUGS-27226: fix: add missing permissions to cluster scoped resources
  • Loading branch information
openshift-merge-bot[bot] authored Jan 18, 2024
2 parents 59b126d + ac3ea44 commit 7d3b7bf
Show file tree
Hide file tree
Showing 7 changed files with 16 additions and 7 deletions.
4 changes: 4 additions & 0 deletions bundle/manifests/lvms-operator.clusterserviceversion.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -320,6 +320,7 @@ spec:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand All @@ -331,6 +332,7 @@ spec:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand Down Expand Up @@ -366,6 +368,7 @@ spec:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand Down Expand Up @@ -397,6 +400,7 @@ spec:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand Down
4 changes: 4 additions & 0 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,7 @@ rules:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand All @@ -223,6 +224,7 @@ rules:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand Down Expand Up @@ -258,6 +260,7 @@ rules:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand Down Expand Up @@ -289,6 +292,7 @@ rules:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
Expand Down
7 changes: 3 additions & 4 deletions internal/controllers/lvmcluster/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,6 @@ func (r *Reconciler) GetLogPassthroughOptions() *logpassthrough.Options {
//+kubebuilder:rbac:groups=lvm.topolvm.io,resources=lvmvolumegroupnodestatuses,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=lvm.topolvm.io,resources=lvmvolumegroupnodestatuses/status,verbs=get;update;patch
//+kubebuilder:rbac:groups=lvm.topolvm.io,resources=lvmvolumegroupnodestatuses/finalizers,verbs=update
//+kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,verbs=get;list;watch;create;update;delete
//+kubebuilder:rbac:groups=config.openshift.io,resources=infrastructures,verbs=get
//+kubebuilder:rbac:groups=topolvm.io,resources=logicalvolumes,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=topolvm.io,resources=logicalvolumes/status,verbs=get;list;watch;create;update;patch;delete
Expand All @@ -128,12 +127,12 @@ func (r *Reconciler) GetLogPassthroughOptions() *logpassthrough.Options {
//+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=get;list;watch;update;delete
//+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims/status,verbs=patch
//+kubebuilder:rbac:groups=core,resources=events,verbs=list;watch;create;update;patch
//+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;list;watch;update
//+kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=get;list;watch;update
//+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;list;watch;update;patch;create;delete
//+kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=get;list;watch;update;patch;create;delete
//+kubebuilder:rbac:groups=storage.k8s.io,resources=csinodes,verbs=get;list;watch
//+kubebuilder:rbac:groups=storage.k8s.io,resources=volumeattachments,verbs=get;list;watch
//+kubebuilder:rbac:groups=storage.k8s.io,resources=csistoragecapacities,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotclasses,verbs=get;list;watch;update
//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotclasses,verbs=get;list;watch;update;create;patch;delete
//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshots,verbs=get;list
//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents/status,verbs=update;patch
Expand Down
2 changes: 2 additions & 0 deletions internal/controllers/lvmcluster/resource/scc.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ func (c openshiftSccs) GetName() string {
return sccName
}

//+kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,verbs=get;list;watch;create;update;delete;patch

func (c openshiftSccs) EnsureCreated(r Reconciler, ctx context.Context, cluster *lvmv1alpha1.LVMCluster) error {
logger := log.FromContext(ctx).WithValues("resourceManager", c.GetName())
sccs := getAllSCCs(r.GetNamespace())
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ func (c csiDriver) GetName() string {
return driverName
}

//+kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=get;create;delete;watch;list
//+kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=get;create;delete;watch;list;update;patch

func (c csiDriver) EnsureCreated(r Reconciler, ctx context.Context, cluster *lvmv1alpha1.LVMCluster) error {
logger := log.FromContext(ctx).WithValues("resourceManager", c.GetName())
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func (s topolvmVolumeSnapshotClass) GetName() string {
return vscName
}

//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotclasses,verbs=get;create;delete;watch;list
//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotclasses,verbs=get;create;delete;watch;list;update;patch

func (s topolvmVolumeSnapshotClass) EnsureCreated(r Reconciler, ctx context.Context, cluster *lvmv1alpha1.LVMCluster) error {
logger := log.FromContext(ctx).WithValues("resourceManager", s.GetName())
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ func (s topolvmStorageClass) GetName() string {
return scName
}

//+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;create;delete;watch;list
//+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;create;delete;watch;list;update;patch

func (s topolvmStorageClass) EnsureCreated(r Reconciler, ctx context.Context, cluster *lvmv1alpha1.LVMCluster) error {
logger := log.FromContext(ctx).WithValues("resourceManager", s.GetName())
Expand Down

0 comments on commit 7d3b7bf

Please sign in to comment.