From 3c28651e0b444003da620f11a13ea596a735fe31 Mon Sep 17 00:00:00 2001
From: Max Shaposhnyk <mshaposh@redhat.com>
Date: Thu, 6 Jun 2024 18:43:35 +0300
Subject: [PATCH] Fix RBAC policies for serviceaccount (#120)

Signed-off-by: Max Shaposhnyk <mshaposh@redhat.com>
---
 config/rbac/role.yaml                     | 8 ++++++++
 controllers/component_image_controller.go | 1 -
 controllers/imagerepository_controller.go | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 7eaebd3..ea45e74 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -17,6 +17,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - appstudio.redhat.com
   resources:
diff --git a/controllers/component_image_controller.go b/controllers/component_image_controller.go
index bb55ac1..65da830 100644
--- a/controllers/component_image_controller.go
+++ b/controllers/component_image_controller.go
@@ -83,7 +83,6 @@ func (r *ComponentReconciler) SetupWithManager(mgr ctrl.Manager) error {
 }
 
 //+kubebuilder:rbac:groups=appstudio.redhat.com,resources=components,verbs=get;list;watch;update;patch
-//+kubebuilder:rbac:groups=appstudio.redhat.com,resources=remotesecrets,verbs=get;list;watch;create
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
diff --git a/controllers/imagerepository_controller.go b/controllers/imagerepository_controller.go
index ea04319..b71e30d 100644
--- a/controllers/imagerepository_controller.go
+++ b/controllers/imagerepository_controller.go
@@ -77,9 +77,9 @@ func setMetricsTime(idForMetrics string, reconcileStartTime time.Time) {
 //+kubebuilder:rbac:groups=appstudio.redhat.com,resources=imagerepositories,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=appstudio.redhat.com,resources=imagerepositories/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=appstudio.redhat.com,resources=imagerepositories/finalizers,verbs=update
-//+kubebuilder:rbac:groups=appstudio.redhat.com,resources=remotesecrets,verbs=get;list;watch;create
 //+kubebuilder:rbac:groups=appstudio.redhat.com,resources=components,verbs=get;list;watch
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch
+//+kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;update;patch
 
 func (r *ImageRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := ctrllog.FromContext(ctx).WithName("ImageRepository")