wip

Signed-off-by: Fabrizio Sestito <[email protected]>

helm/templates/controller/role.yaml

@@ -7,6 +7,7 @@ rules:
 - apiGroups:
   - sbombastic.rancher.io
   resources:
+  - images
   - registries
   verbs:
   - create
@@ -19,45 +20,21 @@ rules:
 - apiGroups:
   - sbombastic.rancher.io
   resources:
+  - images/finalizers
   - registries/finalizers
   verbs:
   - update
 - apiGroups:
   - sbombastic.rancher.io
   resources:
-  - registries/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - sbombastic.sbombastic.rancher.io
-  resources:
-  - images
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - sbombastic.sbombastic.rancher.io
-  resources:
-  - images/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - sbombastic.sbombastic.rancher.io
-  resources:
   - images/status
+  - registries/status
   verbs:
   - get
   - patch
   - update
 - apiGroups:
-  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  - storage.sbombastic.rancher.io
   resources:
   - sboms
   verbs:
@@ -69,13 +46,13 @@ rules:
   - update
   - watch
 - apiGroups:
-  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  - storage.sbombastic.rancher.io
   resources:
   - sboms/finalizers
   verbs:
   - update
 - apiGroups:
-  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  - storage.sbombastic.rancher.io
   resources:
   - sboms/status
   verbs:

internal/controller/image_controller.go

@@ -38,9 +38,9 @@ type ImageReconciler struct {
 	Publisher messaging.Publisher
 }
 
-// +kubebuilder:rbac:groups=sbombastic.sbombastic.rancher.io,resources=images,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=sbombastic.sbombastic.rancher.io,resources=images/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=sbombastic.sbombastic.rancher.io,resources=images/finalizers,verbs=update
+// +kubebuilder:rbac:groups=sbombastic.rancher.io,resources=images,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=sbombastic.rancher.io,resources=images/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=sbombastic.rancher.io,resources=images/finalizers,verbs=update
 
 // Reconcile reconciles an Image.
 // If the Image doesn't have the SBOM, it sends a create SBOM request to the workers.

internal/controller/sbom_controller.go

@@ -39,9 +39,9 @@ type SBOMReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-// +kubebuilder:rbac:groups=storage.sbombastic.rancher.io.sbombastic.rancher.io,resources=sboms,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=storage.sbombastic.rancher.io.sbombastic.rancher.io,resources=sboms/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=storage.sbombastic.rancher.io.sbombastic.rancher.io,resources=sboms/finalizers,verbs=update
+// +kubebuilder:rbac:groups=storage.sbombastic.rancher.io,resources=sboms,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=storage.sbombastic.rancher.io,resources=sboms/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=storage.sbombastic.rancher.io,resources=sboms/finalizers,verbs=update
 
 // Reconcile reconciles a SBOM.
 // If all images have SBOMs, it updates the last discovered timestamp on the registry, since the Registry discovery is completed.

internal/storage/sbom_store.go

@@ -171,6 +171,10 @@ func (s *sbomStore) Delete(
 		return storage.NewInternalError(err.Error())
 	}
 
+	if err := s.broadcaster.Action(watch.Deleted, out); err != nil {
+		return storage.NewInternalError(err.Error())
+	}
+
 	return nil
 }