From 0199e889e690281fb77fd5d30550e18c915b3ee6 Mon Sep 17 00:00:00 2001
From: Zack Layne <zlayne@redhat.com>
Date: Tue, 5 Nov 2024 09:55:59 -0500
Subject: [PATCH] console role list&watch search-operator permission (#1070)

* console role list&watch search-operator permission

Signed-off-by: zlayne <zlayne@redhat.com>

* fix check

Signed-off-by: zlayne <zlayne@redhat.com>

* undo formatting

Signed-off-by: zlayne <zlayne@redhat.com>

---------

Signed-off-by: zlayne <zlayne@redhat.com>
---
 config/rbac/role.yaml                                     | 7 +++++++
 .../toggle/console-mce/templates/console-clusterrole.yaml | 8 ++++++++
 pkg/templates/rbac_gen.go                                 | 1 +
 3 files changed, 16 insertions(+)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 6b3f6f504..6958e2f54 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -2430,6 +2430,13 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - search.open-cluster-management.io
+  resources:
+  - searches
+  verbs:
+  - list
+  - watch
 - apiGroups:
   - storage.k8s.io
   resources:
diff --git a/pkg/templates/charts/toggle/console-mce/templates/console-clusterrole.yaml b/pkg/templates/charts/toggle/console-mce/templates/console-clusterrole.yaml
index eb8062d08..525cc10ac 100644
--- a/pkg/templates/charts/toggle/console-mce/templates/console-clusterrole.yaml
+++ b/pkg/templates/charts/toggle/console-mce/templates/console-clusterrole.yaml
@@ -279,3 +279,11 @@ rules:
   - watch
   resources:
   - multiclusterengines
+
+- apiGroups:
+    - search.open-cluster-management.io
+  verbs:
+    - list
+    - watch
+  resources:
+    - searches
\ No newline at end of file
diff --git a/pkg/templates/rbac_gen.go b/pkg/templates/rbac_gen.go
index 18ea77ed0..6a927a3ef 100644
--- a/pkg/templates/rbac_gen.go
+++ b/pkg/templates/rbac_gen.go
@@ -348,6 +348,7 @@ package main
 //+kubebuilder:rbac:groups=route.openshift.io,resources=routes/custom-host,verbs=create;delete;get;list;patch;update;watch
 //+kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=create;get
 //+kubebuilder:rbac:groups=scheduling.k8s.io,resources=priorityclasses,verbs=get;create;patch;update
+//+kubebuilder:rbac:groups=search.open-cluster-management.io,resources=searches,verbs=list;watch
 //+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=list;watch
 //+kubebuilder:rbac:groups=submarineraddon.open-cluster-management.io,resources=submarinerconfigs,verbs=list;watch
 //+kubebuilder:rbac:groups=tower.ansible.com;batch;"",resources=ansiblejobs;jobs;secrets;serviceaccounts,verbs=create