From ee118a63a25abde9b44f6b21c4a6fd50e5421ce5 Mon Sep 17 00:00:00 2001
From: Leela Venkaiah G <lgangava@ibm.com>
Date: Tue, 20 Feb 2024 17:54:50 +0530
Subject: [PATCH] ux: rbac for new rotating keys api

Signed-off-by: Leela Venkaiah G <lgangava@ibm.com>
---
 .../manifests/ocs-operator.clusterserviceversion.yaml     | 4 ++++
 deploy/ocs-operator/manifests/ux_backend_role.yaml        | 8 ++++++++
 rbac/ux_backend_role.yaml                                 | 8 ++++++++
 tools/csv-merger/csv-merger.go                            | 8 ++++++++
 4 files changed, 28 insertions(+)

diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
index 5d41cf9c64..65e5c4068a 100644
--- a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
+++ b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml
@@ -3294,6 +3294,10 @@ spec:
                 - name: ONBOARDING_TOKEN_LIFETIME
                 - name: UX_BACKEND_PORT
                 - name: TLS_ENABLED
+                - name: POD_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
                 image: quay.io/ocs-dev/ocs-operator:latest
                 imagePullPolicy: IfNotPresent
                 name: ux-backend-server
diff --git a/deploy/ocs-operator/manifests/ux_backend_role.yaml b/deploy/ocs-operator/manifests/ux_backend_role.yaml
index f89b32672e..5f1bbd7f9d 100644
--- a/deploy/ocs-operator/manifests/ux_backend_role.yaml
+++ b/deploy/ocs-operator/manifests/ux_backend_role.yaml
@@ -14,3 +14,11 @@ rules:
   verbs:
     - get
     - list
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - onboarding-ticket-key
+  verbs:
+  - delete
diff --git a/rbac/ux_backend_role.yaml b/rbac/ux_backend_role.yaml
index f89b32672e..5f1bbd7f9d 100644
--- a/rbac/ux_backend_role.yaml
+++ b/rbac/ux_backend_role.yaml
@@ -14,3 +14,11 @@ rules:
   verbs:
     - get
     - list
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - onboarding-ticket-key
+  verbs:
+  - delete
diff --git a/tools/csv-merger/csv-merger.go b/tools/csv-merger/csv-merger.go
index 11539086f4..1e2222b219 100644
--- a/tools/csv-merger/csv-merger.go
+++ b/tools/csv-merger/csv-merger.go
@@ -980,6 +980,14 @@ func getUXBackendServerDeployment() appsv1.DeploymentSpec {
 								Name:  "TLS_ENABLED",
 								Value: os.Getenv("TLS_ENABLED"),
 							},
+							{
+								Name: "POD_NAMESPACE",
+								ValueFrom: &corev1.EnvVarSource{
+									FieldRef: &corev1.ObjectFieldSelector{
+										FieldPath: "metadata.namespace",
+									},
+								},
+							},
 						},
 					},
 					{