From 6afe1d75d203dacbb6acae78bcb6a89fc969554c Mon Sep 17 00:00:00 2001
From: Ahmad Karimi
Date: Sat, 5 Aug 2023 14:23:17 +0330
Subject: [PATCH] add missing rbac access definitions
---
 config/rbac/role.yaml | 32 +++++++++++++++++++
 deploy/charts/s3-operator/Chart.yaml | 2 +-
 .../s3-operator/templates/manager-rbac.yaml | 32 +++++++++++++++++++
 internal/controllers/s3userclaim/handler.go | 3 ++
 4 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 8ce84b8..722e0d3 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -5,6 +5,26 @@ metadata:
 creationTimestamp: null
 name: manager-role
 rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - resourcequotas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - ""
 resources:
@@ -17,6 +37,18 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - quota.openshift.io
+ resources:
+ - clusterresourcequotas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - s3.snappcloud.io
 resources:
diff --git a/deploy/charts/s3-operator/Chart.yaml b/deploy/charts/s3-operator/Chart.yaml
index 10d3c87..6312515 100644
--- a/deploy/charts/s3-operator/Chart.yaml
+++ b/deploy/charts/s3-operator/Chart.yaml
@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
diff --git a/deploy/charts/s3-operator/templates/manager-rbac.yaml b/deploy/charts/s3-operator/templates/manager-rbac.yaml
index b88f770..f2095e7 100644
--- a/deploy/charts/s3-operator/templates/manager-rbac.yaml
+++ b/deploy/charts/s3-operator/templates/manager-rbac.yaml
@@ -5,6 +5,26 @@ metadata:
 labels:
 {{- include "s3-operator.labels" . | nindent 4 }}
 rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - resourcequotas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - ""
 resources:
@@ -17,6 +37,18 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - quota.openshift.io
+ resources:
+ - clusterresourcequotas
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - s3.snappcloud.io
 resources:
diff --git a/internal/controllers/s3userclaim/handler.go b/internal/controllers/s3userclaim/handler.go
index 10a799e..e80f762 100644
--- a/internal/controllers/s3userclaim/handler.go
+++ b/internal/controllers/s3userclaim/handler.go
@@ -83,7 +83,10 @@ func NewReconciler(mgr manager.Manager, cfg *config.Config, rgwClient *admin.API
 //+kubebuilder:rbac:groups=s3.snappcloud.io,resources=s3users,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=s3.snappcloud.io,resources=s3users/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=s3.snappcloud.io,resources=s3users/finalizers,verbs=update
+//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch
 //+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=core,resources=resourcequotas,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=quota.openshift.io,resources=clusterresourcequotas,verbs=get;list;watch;create;update;patch;delete
 func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 r.logger = log.FromContext(ctx)
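Review bot: The added markers for `resourcequotas` and `clusterresourcequotas` grant `create;update;patch;delete` on top of the read verbs, while the `namespaces` marker added next to them is read-only, and nothing in this hunk shows the reconciler writing quota objects (Reconcile's body continues outside the hunk, so whether it does is not visible here). Assuming `manager-role` is bound cluster-wide, these verbs let the operator's service account change or remove quota limits in any namespace as well as the cluster-scoped ClusterResourceQuota objects, which widens what a compromised operator pod or leaked token can do. If the controller only reads quotas to validate a claim, narrow both markers to read access, `//+kubebuilder:rbac:groups=core,resources=resourcequotas,verbs=get;list;watch` and `//+kubebuilder:rbac:groups=quota.openshift.io,resources=clusterresourcequotas,verbs=get;list;watch`, and regenerate. The `config/rbac/role.yaml` and `deploy/charts/s3-operator/templates/manager-rbac.yaml` hunks carry the same write verbs and appear to be generated from these markers, so they would change with them.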