diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 11fc8cb81..32bbdb2d6 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -275,3 +275,57 @@ rules:
 - volumeattachments/status
 verbs:
 - patch
+- apiGroups:
+ - volumegroup.storage.openshift.io
+ resources:
+ - volumegroupclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - volumegroup.storage.openshift.io
+ resources:
+ - volumegroupcontents
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - volumegroup.storage.openshift.io
+ resources:
+ - volumegroups
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - volumegroup.storage.openshift.io
+ resources:
+ - volumegroups/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - volumegroup.storage.openshift.io
+ resources:
+ - volumegroups/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - volumegroup.storage.openshift.io
+ resources:
+ - volumegroupcontents/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/controllers/internal/crutils/static_resource_generator.go b/controllers/internal/crutils/static_resource_generator.go
index c34ececeb..ce551feda 100644
--- a/controllers/internal/crutils/static_resource_generator.go
+++ b/controllers/internal/crutils/static_resource_generator.go
@@ -28,7 +28,8 @@ import (
 const (
 snapshotStorageApiGroup string = "snapshot.storage.k8s.io"
 securityOpenshiftApiGroup string = "security.openshift.io"
- volumeGroupApiGroup string = "csi.ibm.com"
+ IBMVolumeGroupApiGroup string = "csi.ibm.com"
+ communityVolumeGroupApiGroup string = "volumegroup.storage.openshift.io"
 storageApiGroup string = "storage.k8s.io"
 rbacAuthorizationApiGroup string = "rbac.authorization.k8s.io"
 replicationStorageOpenshiftApiGroup string = "replication.storage.openshift.io"
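Review bot: The added rules give the operator's own role cluster-wide `create`, `delete`, `patch` and `update` on `volumegroups` and `volumegroupcontents` in `volumegroup.storage.openshift.io`, and nothing in the hunk records why the operator itself needs write access to those objects. If they are held only so that the operator is allowed to create the ClusterRole built by `GenerateVolumeGroupClusterRole` (Kubernetes rejects creating a role that carries permissions the creator lacks), that should be stated where the rules are declared, for example `# needed so the operator may grant these rules to the volume group ClusterRole`. Should this file be generated from kubebuilder markers, the comment belongs beside the markers, which are not visible on this page. The same six rules are repeated in the installer manifest and in both CSVs, so a later change to the verbs has to be made in every copy.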
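Review bot: `IBMVolumeGroupApiGroup` is the only constant in the visible part of this block that starts with an upper-case letter, so it is exported while `communityVolumeGroupApiGroup` and the other API-group constants stay package-private. Nothing on this page uses it outside `static_resource_generator.go`, so the export looks accidental; `ibmVolumeGroupApiGroup string = "csi.ibm.com"` would match its neighbours, with the references in `GenerateVolumeGroupClusterRole` renamed to suit. The const block continues past the end of the hunk.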
@@ -412,35 +413,65 @@ func (c *IBMBlockCSI) GenerateVolumeGroupClusterRole() *rbacv1.ClusterRole {
 },
 Rules: []rbacv1.PolicyRule{
 {
- APIGroups: []string{volumeGroupApiGroup},
+ APIGroups: []string{communityVolumeGroupApiGroup},
 Resources: []string{volumeGroupsResources},
 Verbs: []string{verbGet, verbList, verbWatch, verbCreate, verbUpdate, verbPatch, verbDelete},
 },
 {
- APIGroups: []string{volumeGroupApiGroup},
+ APIGroups: []string{communityVolumeGroupApiGroup},
 Resources: []string{volumeGroupsStatusResource},
 Verbs: []string{verbGet, verbUpdate, verbPatch},
 },
 {
- APIGroups: []string{volumeGroupApiGroup},
+ APIGroups: []string{communityVolumeGroupApiGroup},
 Resources: []string{volumeGroupsFinalizersResource},
 Verbs: []string{verbUpdate},
 },
 {
- APIGroups: []string{volumeGroupApiGroup},
+ APIGroups: []string{communityVolumeGroupApiGroup},
 Resources: []string{volumeGroupClassesResource},
 Verbs: []string{verbGet, verbList, verbWatch},
 },
 {
- APIGroups: []string{volumeGroupApiGroup},
+ APIGroups: []string{communityVolumeGroupApiGroup},
 Resources: []string{volumeGroupContentsResource},
 Verbs: []string{verbGet, verbList, verbWatch, verbCreate, verbUpdate, verbPatch, verbDelete},
 },
 {
- APIGroups: []string{volumeGroupApiGroup},
+ APIGroups: []string{communityVolumeGroupApiGroup},
 Resources: []string{volumeGroupContentsStatusResource},
+ Verbs: []string{verbGet, verbUpdate, verbPatch},
+ },
+ {
+ APIGroups: []string{IBMVolumeGroupApiGroup},
+ Resources: []string{volumeGroupsResources},
+ Verbs: []string{verbGet, verbList, verbWatch, verbCreate, verbUpdate, verbPatch, verbDelete},
+ },
+ {
+ APIGroups: []string{IBMVolumeGroupApiGroup},
+ Resources: []string{volumeGroupsStatusResource},
+ Verbs: []string{verbGet, verbUpdate, verbPatch},
+ },
+ {
+ APIGroups: []string{IBMVolumeGroupApiGroup},
+ Resources: []string{volumeGroupsFinalizersResource},
+ Verbs: []string{verbUpdate},
+ },
+ {
+ APIGroups: []string{IBMVolumeGroupApiGroup},
+ Resources: []string{volumeGroupClassesResource},
+ Verbs: []string{verbGet, verbList, verbWatch},
+ },
+ {
+ APIGroups: []string{IBMVolumeGroupApiGroup},
+ Resources: []string{volumeGroupContentsResource},
 Verbs: []string{verbGet, verbList, verbWatch, verbCreate, verbUpdate, verbPatch, verbDelete},
 },
+ {
+ APIGroups: []string{IBMVolumeGroupApiGroup},
+ Resources: []string{volumeGroupContentsStatusResource},
+ Verbs: []string{verbGet, verbUpdate, verbPatch},
+ },
 {
 APIGroups: []string{""},
 Resources: []string{persistentVolumeClaimsResource},
diff --git a/deploy/installer/generated/ibm-block-csi-operator.yaml b/deploy/installer/generated/ibm-block-csi-operator.yaml
index 91998c8e1..35d08c437 100644
--- a/deploy/installer/generated/ibm-block-csi-operator.yaml
+++ b/deploy/installer/generated/ibm-block-csi-operator.yaml
@@ -3345,6 +3345,60 @@ rules: - volumeattachments/status verbs: - patch +- apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupclasses + verbs: + - get + - list + - watch +- apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups/finalizers + verbs: + - update +- apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupcontents/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding
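Review bot: The six rules added for `IBMVolumeGroupApiGroup` in `GenerateVolumeGroupClusterRole` repeat the six `communityVolumeGroupApiGroup` rules verb for verb, so a later edit to one set can silently leave the other group with broader or narrower access than intended. `APIGroups` is already a slice, so each existing rule can name both groups, e.g. `APIGroups: []string{communityVolumeGroupApiGroup, IBMVolumeGroupApiGroup},`, which keeps the two grants identical by construction and halves the list. If `csi.ibm.com` is kept only for clusters that still carry the older CRDs, a short comment saying so would tell the next maintainer when those write verbs can be dropped. The function body begins and ends outside this hunk.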
diff --git a/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml index 24bff9cbd..20dd23061 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml @@ -608,6 +608,60 @@ spec: - volumeattachments/status verbs: - patch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupclasses + verbs: + - get + - list + - watch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups/finalizers + verbs: + - update + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups/status + verbs: + - get + - patch + - update + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupcontents/status + verbs: + - get + - patch + - update deployments: - name: ibm-block-csi-operator diff --git a/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml index 57daf012e..ec0c45ee5 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml 
+++ b/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml @@ -598,6 +598,60 @@ spec: - volumeattachments/status verbs: - patch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupclasses + verbs: + - get + - list + - watch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups/finalizers + verbs: + - update + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroups/status + verbs: + - get + - patch + - update + - apiGroups: + - volumegroup.storage.openshift.io + resources: + - volumegroupcontents/status + verbs: + - get + - patch + - update deployments: - name: ibm-block-csi-operator