diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 047a13f1..4a0180f4 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -11,10 +11,9 @@ rules: - mutatingwebhookconfigurations verbs: - create - - get + - delete - list - patch - - update - watch - apiGroups: - admissionregistration.k8s.io @@ -22,19 +21,21 @@ rules: - validatingwebhookconfigurations verbs: - create - - get + - delete - list - patch - - update - watch - apiGroups: - policies.kubewarden.io resources: - admissionpolicies verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - policies.kubewarden.io @@ -55,9 +56,12 @@ rules: resources: - clusteradmissionpolicies verbs: + - create - delete - get - list + - patch + - update - watch - apiGroups: - policies.kubewarden.io diff --git a/controllers/admissionpolicy_controller.go b/controllers/admissionpolicy_controller.go index fe4685ef..57663de8 100644 --- a/controllers/admissionpolicy_controller.go +++ b/controllers/admissionpolicy_controller.go @@ -42,7 +42,7 @@ import ( // // We need access to these resources inside of all the namespaces -> a ClusterRole // is needed -//+kubebuilder:rbac:groups=policies.kubewarden.io,resources=admissionpolicies,verbs=get;list;watch;delete +//+kubebuilder:rbac:groups=policies.kubewarden.io,resources=admissionpolicies,verbs=create;delete;get;list;patch;update;watch //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=admissionpolicies/status,verbs=get;update;patch //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=admissionpolicies/finalizers,verbs=update // diff --git a/controllers/clusteradmissionpolicy_controller.go b/controllers/clusteradmissionpolicy_controller.go index 6fcc0194..e352829e 100644 --- a/controllers/clusteradmissionpolicy_controller.go +++ b/controllers/clusteradmissionpolicy_controller.go @@ -42,7 +42,7 @@ import ( // // We need access to these resources inside of all the namespaces -> a ClusterRole // is needed -//+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies,verbs=get;list;watch;delete +//+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies,verbs=create;delete;get;list;patch;update;watch //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies/status,verbs=get;update;patch //+kubebuilder:rbac:groups=policies.kubewarden.io,resources=clusteradmissionpolicies/finalizers,verbs=update diff --git a/internal/pkg/admission/mutating-webhook.go b/internal/pkg/admission/mutating-webhook.go index a15ab3e4..e137aa76 100644 --- a/internal/pkg/admission/mutating-webhook.go +++ b/internal/pkg/admission/mutating-webhook.go @@ -17,7 +17,7 @@ import ( "github.com/kubewarden/kubewarden-controller/internal/pkg/constants" ) -//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch +//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=create;delete;list;patch;watch func (r *Reconciler) ReconcileMutatingWebhookConfiguration( ctx context.Context, diff --git a/internal/pkg/admission/validating-webhook.go b/internal/pkg/admission/validating-webhook.go index 68af63ef..40091e33 100644 --- a/internal/pkg/admission/validating-webhook.go +++ b/internal/pkg/admission/validating-webhook.go @@ -17,7 +17,7 @@ import ( "github.com/kubewarden/kubewarden-controller/internal/pkg/constants" ) -//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch +//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=create;delete;list;patch;watch func (r *Reconciler) ReconcileValidatingWebhookConfiguration( ctx context.Context,