Fix operator ClusterRole permissions

ClusterRole and ClusterRoleBinding delete permissions were recently added to the operator Role but they need to be in the operator ClusterRole. Signed-off-by: Tom Pantelis <[email protected]>
submariner-io · Aug 24, 2023 · b479693 · b479693
1 parent 19cce1f
commit b479693
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/config/rbac/submariner-operator/cluster_role.yaml b/config/rbac/submariner-operator/cluster_role.yaml
@@ -76,3 +76,10 @@ rules:
       - daemonsets
     verbs:
       - list
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - delete
diff --git a/config/rbac/submariner-operator/role.yaml b/config/rbac/submariner-operator/role.yaml
@@ -24,13 +24,6 @@ rules:
       - serviceaccounts
     verbs:
       - delete
-  - apiGroups:
-      - rbac.authorization.k8s.io
-    resources:
-      - clusterroles
-      - clusterrolebindings
-    verbs:
-      - delete
   - apiGroups:
       - apps
     resources:

diff --git a/pkg/embeddedyamls/yamls.go b/pkg/embeddedyamls/yamls.go
@@ -2519,13 +2519,6 @@ rules:
       - serviceaccounts
     verbs:
       - delete
-  - apiGroups:
-      - rbac.authorization.k8s.io
-    resources:
-      - clusterroles
-      - clusterrolebindings
-    verbs:
-      - delete
   - apiGroups:
       - apps
     resources:
@@ -2660,6 +2653,13 @@ rules:
       - daemonsets
     verbs:
       - list
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - delete
 `
 	Config_rbac_submariner_operator_cluster_role_binding_yaml = `---
 apiVersion: rbac.authorization.k8s.io/v1