From 1865d4728cf402770b367db49ae907324ccfc2c4 Mon Sep 17 00:00:00 2001
From: Angel Misevski <amisevsk@redhat.com>
Date: Thu, 10 Nov 2022 16:57:30 -0500
Subject: [PATCH] Add 'use' permission for DWO SA when container build is
 enabled (#1558)

Add 'use' permissions in addition to 'get' and 'update' to be added to
the DevWorkspace Operator ServiceAccount when container build
functionality is enabled. This is required due to changes in the
DevWorkspace Operator in https://github.com/devfile/devworkspace-operator/pull/954

Signed-off-by: Angel Misevski <amisevsk@redhat.com>
---
 pkg/deploy/container-build/container_build.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deploy/container-build/container_build.go b/pkg/deploy/container-build/container_build.go
index 27145c738..b0e97bf53 100644
--- a/pkg/deploy/container-build/container_build.go
+++ b/pkg/deploy/container-build/container_build.go
@@ -170,7 +170,7 @@ func (cb *ContainerBuildReconciler) getDevWorkspaceSccPolicyRules(ctx *chetypes.
 		{
 			APIGroups:     []string{"security.openshift.io"},
 			Resources:     []string{"securitycontextconstraints"},
-			Verbs:         []string{"get", "update"},
+			Verbs:         []string{"get", "update", "use"},
 			ResourceNames: []string{ctx.CheCluster.Spec.DevEnvironments.ContainerBuildConfiguration.OpenShiftSecurityContextConstraint},
 		},
 	}