From 04e016fa7ba051cd90ffeef95a30de27d8feb9c0 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko <abazko@redhat.com>
Date: Tue, 6 Dec 2022 15:07:45 +0200
Subject: [PATCH] chore: Add permissions to watch events (#1573)

* chore: Add permissions to watch events

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
---
 .../manifests/che-operator.clusterserviceversion.yaml        | 5 +++--
 config/rbac/cluster_role.yaml                                | 1 +
 deploy/deployment/kubernetes/combined.yaml                   | 1 +
 .../kubernetes/objects/che-operator.ClusterRole.yaml         | 1 +
 deploy/deployment/openshift/combined.yaml                    | 1 +
 .../openshift/objects/che-operator.ClusterRole.yaml          | 1 +
 helmcharts/next/templates/che-operator.ClusterRole.yaml      | 1 +
 pkg/deploy/rbac/workspace_permissions.go                     | 5 +++++
 8 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
index 27970240c..d9ff76ff1 100644
--- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
+++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
@@ -77,7 +77,7 @@ metadata:
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/eclipse-che/che-operator
     support: Eclipse Foundation
-  name: eclipse-che.v7.57.0-736.next
+  name: eclipse-che.v7.58.0-737.next
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -681,6 +681,7 @@ spec:
               resources:
                 - events
               verbs:
+                - list
                 - watch
             - apiGroups:
                 - apps
@@ -1232,7 +1233,7 @@ spec:
   minKubeVersion: 1.19.0
   provider:
     name: Eclipse Foundation
-  version: 7.57.0-736.next
+  version: 7.58.0-737.next
   webhookdefinitions:
     - admissionReviewVersions:
         - v1
diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml
index 22c044a5c..26f49aa75 100644
--- a/config/rbac/cluster_role.yaml
+++ b/config/rbac/cluster_role.yaml
@@ -210,6 +210,7 @@ rules:
     resources:
       - events
     verbs:
+      - list
       - watch
   - apiGroups:
       - apps
diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml
index 1f92330c0..50550ea9a 100644
--- a/deploy/deployment/kubernetes/combined.yaml
+++ b/deploy/deployment/kubernetes/combined.yaml
@@ -5438,6 +5438,7 @@ rules:
   resources:
   - events
   verbs:
+  - list
   - watch
 - apiGroups:
   - apps
diff --git a/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml b/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml
index e840fffba..1820f247e 100644
--- a/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml
+++ b/deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml
@@ -210,6 +210,7 @@ rules:
   resources:
   - events
   verbs:
+  - list
   - watch
 - apiGroups:
   - apps
diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml
index a1cd78fc8..ee23ba9cc 100644
--- a/deploy/deployment/openshift/combined.yaml
+++ b/deploy/deployment/openshift/combined.yaml
@@ -5438,6 +5438,7 @@ rules:
   resources:
   - events
   verbs:
+  - list
   - watch
 - apiGroups:
   - apps
diff --git a/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml b/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml
index e840fffba..1820f247e 100644
--- a/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml
+++ b/deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml
@@ -210,6 +210,7 @@ rules:
   resources:
   - events
   verbs:
+  - list
   - watch
 - apiGroups:
   - apps
diff --git a/helmcharts/next/templates/che-operator.ClusterRole.yaml b/helmcharts/next/templates/che-operator.ClusterRole.yaml
index e840fffba..1820f247e 100644
--- a/helmcharts/next/templates/che-operator.ClusterRole.yaml
+++ b/helmcharts/next/templates/che-operator.ClusterRole.yaml
@@ -210,6 +210,7 @@ rules:
   resources:
   - events
   verbs:
+  - list
   - watch
 - apiGroups:
   - apps
diff --git a/pkg/deploy/rbac/workspace_permissions.go b/pkg/deploy/rbac/workspace_permissions.go
index 24956d089..19f58f8be 100644
--- a/pkg/deploy/rbac/workspace_permissions.go
+++ b/pkg/deploy/rbac/workspace_permissions.go
@@ -351,6 +351,11 @@ func (c *WorkspacePermissionsReconciler) getWorkspacesPolicies() []rbacv1.Policy
 			Resources: []string{"namespaces"},
 			Verbs:     []string{"get", "list"},
 		},
+		{
+			APIGroups: []string{""},
+			Resources: []string{"events"},
+			Verbs:     []string{"watch", "list"},
+		},
 	}
 	openshiftPolicies := []rbacv1.PolicyRule{
 		{