#150 Added missing rbac permissions create and patch k8s events

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
secureCodeBox · Jul 14, 2023 · 463d4c0 · 463d4c0
1 parent 979a7d2
commit 463d4c0
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 0 deletions.
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
@@ -5,6 +5,13 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
 - apiGroups:
   - batch
   resources:

diff --git a/operator/controllers/execution/scantype_controller.go b/operator/controllers/execution/scantype_controller.go
@@ -31,6 +31,9 @@ type ScanTypeReconciler struct {
 // +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch
 // +kubebuilder:rbac:groups="execution.securecodebox.io/status",resources=scheduledscans,verbs=get;update;patch
 
+// Allows the ScanType Controller to create and patch Events
+// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+
 // Reconcile compares the Service object against the state of the cluster and updates both if needed
 func (r *ScanTypeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := r.Log

diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go
@@ -42,6 +42,9 @@ type ScheduledScanReconciler struct {
 // +kubebuilder:rbac:groups=execution.securecodebox.io,resources=scans,verbs=get;list;create
 // +kubebuilder:rbac:groups=execution.securecodebox.io,resources=scans/status,verbs=get
 
+// Allows the ScheduledScan Controller to create and patch Events
+// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+
 // Reconcile comapares the ScheduledScan Resource with the State of the Cluster and updates both accordingly
 func (r *ScheduledScanReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := r.Log.WithValues("scheduledscan", req.NamespacedName)

diff --git a/operator/templates/rbac/role.yaml b/operator/templates/rbac/role.yaml
@@ -9,6 +9,13 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
 - apiGroups:
   - batch
   resources: