From 919556015621f5a26e557414e1b571d9b5937f09 Mon Sep 17 00:00:00 2001 From: Max Shaposhnik Date: Wed, 21 Jul 2021 22:03:04 +0300 Subject: [PATCH] fix: Allow roles update for che workspace cluster role --- .../manifests/che-operator.clusterserviceversion.yaml | 5 +++-- .../manifests/che-operator.clusterserviceversion.yaml | 6 ++++-- config/rbac/cluster_role.yaml | 2 ++ controllers/che/workspace_namespace_permission.go | 4 ++-- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/bundle/nightly/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml b/bundle/nightly/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml index 37d0866e2..dc9886d06 100644 --- a/bundle/nightly/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/nightly/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml @@ -83,7 +83,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/eclipse-che/che-operator support: Eclipse Foundation - name: eclipse-che-preview-kubernetes.v7.34.0-267.nightly + name: eclipse-che-preview-kubernetes.v7.34.0-268.nightly namespace: placeholder spec: apiservicedefinitions: {} @@ -329,6 +329,7 @@ spec: verbs: - get - create + - update - delete - apiGroups: - rbac.authorization.k8s.io @@ -1299,4 +1300,4 @@ spec: maturity: stable provider: name: Eclipse Foundation - version: 7.34.0-267.nightly + version: 7.34.0-268.nightly diff --git a/bundle/nightly/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml b/bundle/nightly/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml index b6ce4099c..add6efb7b 100644 --- a/bundle/nightly/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/nightly/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml @@ -74,7 +74,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/eclipse-che/che-operator support: Eclipse Foundation - name: eclipse-che-preview-openshift.v7.34.0-267.nightly + name: eclipse-che-preview-openshift.v7.34.0-268.nightly namespace: placeholder spec: apiservicedefinitions: {} @@ -362,6 +362,7 @@ spec: verbs: - get - create + - update - delete - apiGroups: - authorization.openshift.io @@ -379,6 +380,7 @@ spec: verbs: - get - create + - update - delete - apiGroups: - rbac.authorization.k8s.io @@ -1362,4 +1364,4 @@ spec: maturity: stable provider: name: Eclipse Foundation - version: 7.34.0-267.nightly + version: 7.34.0-268.nightly diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml index a34d3b063..9e38459cb 100644 --- a/config/rbac/cluster_role.yaml +++ b/config/rbac/cluster_role.yaml @@ -108,6 +108,7 @@ rules: verbs: - get - create + - update - delete - apiGroups: - authorization.openshift.io @@ -125,6 +126,7 @@ rules: verbs: - get - create + - update - delete - apiGroups: - rbac.authorization.k8s.io diff --git a/controllers/che/workspace_namespace_permission.go b/controllers/che/workspace_namespace_permission.go index fee29c364..b902ff4d3 100644 --- a/controllers/che/workspace_namespace_permission.go +++ b/controllers/che/workspace_namespace_permission.go @@ -311,7 +311,7 @@ func getWorkspacesPolicies() []rbac.PolicyRule { { APIGroups: []string{"rbac.authorization.k8s.io"}, Resources: []string{"roles"}, - Verbs: []string{"get", "create"}, + Verbs: []string{"get", "update", "create"}, }, { APIGroups: []string{"rbac.authorization.k8s.io"}, @@ -333,7 +333,7 @@ func getWorkspacesPolicies() []rbac.PolicyRule { { APIGroups: []string{"authorization.openshift.io"}, Resources: []string{"roles"}, - Verbs: []string{"get", "create"}, + Verbs: []string{"get", "update", "create"}, }, { APIGroups: []string{"authorization.openshift.io"},