Merge pull request #90 from JAORMX/controllerref

Enable manager role to modify operator finalizers
gatekeeper · Dec 18, 2020 · f1b925d · f1b925d
2 parents 5d0c60c + 4e309a0
commit f1b925d
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml b/bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
@@ -125,6 +125,15 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - operator.gatekeeper.sh
+          resources:
+          - gatekeepers/finalizers
+          verbs:
+          - delete
+          - get
+          - patch
+          - update
         - apiGroups:
           - operator.gatekeeper.sh
           resources:

diff --git a/config/rbac/base/role.yaml b/config/rbac/base/role.yaml
@@ -82,6 +82,15 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - operator.gatekeeper.sh
+  resources:
+  - gatekeepers/finalizers
+  verbs:
+  - delete
+  - get
+  - patch
+  - update
 - apiGroups:
   - operator.gatekeeper.sh
   resources:

diff --git a/controllers/gatekeeper_controller.go b/controllers/gatekeeper_controller.go
@@ -97,6 +97,7 @@ type GatekeeperReconciler struct {
 // Gatekeeper Operator RBAC permissions to manager Gatekeeper custom resource
 // +kubebuilder:rbac:groups=operator.gatekeeper.sh,resources=gatekeepers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=operator.gatekeeper.sh,resources=gatekeepers/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=operator.gatekeeper.sh,resources=gatekeepers/finalizers,verbs=delete;get;update;patch
 
 // Gatekeeper Operator RBAC permissions to deploy Gatekeeper. Many of these
 // RBAC permissions are needed because the operator must have the permissions