From 1a699d3427f0366392873d3ac6e14f9e09cda3e9 Mon Sep 17 00:00:00 2001
From: Ben Luzarraga <31223504+bluzarraga@users.noreply.github.com>
Date: Tue, 8 Oct 2024 17:22:41 -0500
Subject: [PATCH] update labeling permissions and script (#2245)

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>
---
 velero/backup/common-service/label-bedrock-role.yaml | 7 ++++---
 velero/backup/common-service/label-common-service.sh | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/velero/backup/common-service/label-bedrock-role.yaml b/velero/backup/common-service/label-bedrock-role.yaml
index 2c692f193..964051479 100644
--- a/velero/backup/common-service/label-bedrock-role.yaml
+++ b/velero/backup/common-service/label-bedrock-role.yaml
@@ -16,7 +16,8 @@ rules:
       - policy
       - zen.cpd.ibm.com
       - operators.coreos.com
-      - operator.ibm.com 
+      - operator.ibm.com
+      - rbac.authorization.k8s.io 
     resources:
       - namespaces
       - zenservices
@@ -28,8 +29,8 @@ rules:
       - secrets
       - commonservices
       - namespacescopes
-      - role
-      - rolebinding
+      - roles
+      - rolebindings
       - serviceaccount
       #not necessary for cpd
       #- ibmlicenseservicereporters.operator.ibm.com
diff --git a/velero/backup/common-service/label-common-service.sh b/velero/backup/common-service/label-common-service.sh
index 1f166ba6f..8216f1fa6 100755
--- a/velero/backup/common-service/label-common-service.sh
+++ b/velero/backup/common-service/label-common-service.sh
@@ -372,7 +372,7 @@ function label_nss(){
     ${OC} label role nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $SERVICES_NS --overwrite=true 2>/dev/null
     ${OC} label rolebinding nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
     ${OC} label rolebinding nss-managed-role-from-$OPERATOR_NS foundationservices.cloudpak.ibm.com=nss -n $SERVICES_NS --overwrite=true 2>/dev/null
-    ${OC} label configmap namespace-scope foundationservices.cloudpak.ibm.com=nss -n $SERVICES_NS --overwrite=true 2>/dev/null
+    ${OC} label configmap namespace-scope foundationservices.cloudpak.ibm.com=nss -n $OPERATOR_NS --overwrite=true 2>/dev/null
     if [[ $TETHERED_NS != "" ]]; then
         for namespace in ${TETHERED_NS//,/ }
         do