From 3f2877e6c292ca2e9e26e85b2d9ba6fb20293b54 Mon Sep 17 00:00:00 2001
From: Rick <1450685+LinuxSuRen@users.noreply.github.com>
Date: Sat, 2 Sep 2023 15:18:07 +0800
Subject: [PATCH] fix: the operator cluster role permission is missing (#198)

---
 operator/config/rbac/role.yaml           | 60 ++++++++++++++++++++++++
 operator/controllers/atest_controller.go |  6 +++
 2 files changed, 66 insertions(+)

diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
index e102ad1..7452c8b 100644
--- a/operator/config/rbac/role.yaml
+++ b/operator/config/rbac/role.yaml
@@ -5,6 +5,66 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - core.linuxsuren.github.com
   resources:
diff --git a/operator/controllers/atest_controller.go b/operator/controllers/atest_controller.go
index 10657de..c858b3a 100644
--- a/operator/controllers/atest_controller.go
+++ b/operator/controllers/atest_controller.go
@@ -49,6 +49,12 @@ type ATestReconciler struct {
 //+kubebuilder:rbac:groups=core.linuxsuren.github.com,resources=atests/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=core.linuxsuren.github.com,resources=atests/finalizers,verbs=update
 
+//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update;patch;delete
+
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
 // TODO(user): Modify the Reconcile function to compare the state specified by