
Commit 4584d36

committed
forklift: add missing rbac
Signed-off-by: Benny Zlotnik <[email protected]>
1 parent b6392df commit 4584d36


2 files changed

+46
-3
lines changed


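--- a/pkg/operator/resources/cluster/controller.go
+++ b/pkg/operator/resources/cluster/controller.go
@@ -274,9 +274,7 @@ func getControllerClusterPolicyRules() []rbacv1.PolicyRule {
 "openstackvolumepopulators",
 },
 Verbs: []string{
-"get",
-"list",
-"watch",
+"*",
 },
 },
 }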
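Review bot: The `Verbs` list in this rule of getControllerClusterPolicyRules is widened from `get`, `list`, `watch` to `"*"`, which gives the controller's cluster role every verb on the listed resources, including `delete` and `deletecollection` and any verb introduced later. If the controller only needs to write these objects, enumerating the verbs keeps the role least-privilege and makes the grant auditable, for example `Verbs: []string{"get", "list", "watch", "update", "patch"},` (the exact set is an assumption to check against the calls the controller actually makes). The rule's APIGroups and the start of its Resources list lie outside the hunk, so the full scope of the wildcard cannot be confirmed from here.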

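--- a/pkg/operator/resources/cluster/rbac.go
+++ b/pkg/operator/resources/cluster/rbac.go
@@ -30,8 +30,13 @@ func createAggregateClusterRoles(_ *FactoryArgs) []client.Object {
 utils.ResourceBuilder.CreateAggregateClusterRole("cdi.kubevirt.io:admin", "admin", getAdminPolicyRules()),
 utils.ResourceBuilder.CreateAggregateClusterRole("cdi.kubevirt.io:edit", "edit", getEditPolicyRules()),
 utils.ResourceBuilder.CreateAggregateClusterRole("cdi.kubevirt.io:view", "view", getViewPolicyRules()),
+utils.ResourceBuilder.CreateAggregateClusterRole("forklift.cdi.kubevirt.io:admin", "admin", getAdminPolicyRules()),
+utils.ResourceBuilder.CreateAggregateClusterRole("forklift.cdi.kubevirt.io:edit", "edit", getEditPolicyRules()),
+utils.ResourceBuilder.CreateAggregateClusterRole("forklift.cdi.kubevirt.io:view", "view", getViewPolicyRules()),
 createConfigReaderClusterRole("cdi.kubevirt.io:config-reader"),
+createConfigReaderClusterRole("forklift.cdi.kubevirt.io:config-reader"),
 createConfigReaderClusterRoleBinding("cdi.kubevirt.io:config-reader"),
+createConfigReaderClusterRoleBinding("forklift.cdi.kubevirt.io:config-reader"),
 }
 }
 
@@ -75,6 +80,18 @@ func getAdminPolicyRules() []rbacv1.PolicyRule {
 "*",
 },
 },
+{
+APIGroups: []string{
+"forklift.cdi.kubevirt.io",
+},
+Resources: []string{
+"ovirtvolumepopulators",
+"openstackvolumepopulators",
+},
+Verbs: []string{
+"*",
+},
+},
 }
 }
 
@@ -107,6 +124,20 @@ func getViewPolicyRules() []rbacv1.PolicyRule {
 "watch",
 },
 },
+{
+APIGroups: []string{
+"forklift.cdi.kubevirt.io",
+},
+Resources: []string{
+"ovirtvolumepopulators",
+"openstackvolumepopulators",
+},
+Verbs: []string{
+"get",
+"list",
+"watch",
+},
+},
 {
 APIGroups: []string{
 "cdi.kubevirt.io",
@@ -137,6 +168,20 @@ func createConfigReaderClusterRole(name string) *rbacv1.ClusterRole {
 "watch",
 },
 },
+{
+APIGroups: []string{
+"forklift.cdi.kubevirt.io",
+},
+Resources: []string{
+"ovirtvolumepopulators",
+"openstackvolumepopulators",
+},
+Verbs: []string{
+"get",
+"list",
+"watch",
+},
+},
 }
 
 return utils.ResourceBuilder.CreateClusterRole(name, rules)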
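Review bot: The rule added to createConfigReaderClusterRole grants `get`, `list`, `watch` on `ovirtvolumepopulators` and `openstackvolumepopulators` to a role whose name says it exists for reading configuration, and createAggregateClusterRoles now also emits a `forklift.cdi.kubevirt.io:config-reader` role and binding built from the same rules. The subjects of createConfigReaderClusterRoleBinding are not visible here; if that binding targets a broad group, every member gains cluster-wide read access to populator objects, which presumably describe the source system being imported from. Consider dropping the populator rule from the config-reader role and relying on the one added to getViewPolicyRules, or record the intent next to the rule with a comment such as `// populators are intentionally readable by every subject bound to config-reader`. Separately, the three `forklift.cdi.kubevirt.io:*` aggregate roles reuse getAdminPolicyRules, getEditPolicyRules and getViewPolicyRules unchanged, so they duplicate the `cdi.kubevirt.io:*` roles rule for rule; a one-line comment on why both sets are required would help anyone auditing the RBAC surface. All four functions start or end outside the hunks shown.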
