From c660e81bff85fa21624822208997e6fa58f1d255 Mon Sep 17 00:00:00 2001
From: Leo Christy Jesuraj
Date: Wed, 26 Apr 2023 17:36:20 -0400
Subject: [PATCH] sync up: add patch permissions (#525)
* sync up: add patch permissions
Signed-off-by: Leo Christy Jesuraj
* Update sample automatically
Signed-off-by: Leo Christy Jesuraj
---------
Signed-off-by: Leo Christy Jesuraj
---
.../manifests/runtime-component.clusterserviceversion.yaml | 5 ++++-
config/rbac/role.yaml | 3 +++
controllers/runtimecomponent_controller.go | 2 +-
controllers/runtimeoperation_controller.go | 4 ++--
.../deploy/kustomize/daily/base/runtime-component-roles.yaml | 3 +++
.../daily/overlays/watch-all-namespaces/cluster-roles.yaml | 3 +++
.../rco-watched-ns/watched-roles.yaml | 3 +++
scripts/update-sample.sh | 1 +
8 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/bundle/manifests/runtime-component.clusterserviceversion.yaml b/bundle/manifests/runtime-component.clusterserviceversion.yaml
index 2b94284b..019b1c8f 100644
--- a/bundle/manifests/runtime-component.clusterserviceversion.yaml
+++ b/bundle/manifests/runtime-component.clusterserviceversion.yaml
@@ -68,7 +68,7 @@ metadata:
 categories: Application Runtime
 certified: "true"
 containerImage: icr.io/appcafe/runtime-component-operator:daily
- createdAt: "2023-04-26T16:16:09Z"
+ createdAt: "2023-04-26T17:30:36Z"
 description: Deploys any runtime component with dynamic and auto-tuning configuration
 olm.skipRange: '>=0.8.0 <1.2.0'
 operators.openshift.io/infrastructure-features: '["disconnected"]'
@@ -1126,6 +1126,7 @@ spec:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -1171,6 +1172,7 @@ spec:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -1184,6 +1186,7 @@ spec:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 85891e76..0c4e314f 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -72,6 +72,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -117,6 +118,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -130,6 +132,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
diff --git a/controllers/runtimecomponent_controller.go b/controllers/runtimecomponent_controller.go
index 5233c312..dc24098d 100644
--- a/controllers/runtimecomponent_controller.go
+++ b/controllers/runtimecomponent_controller.go
@@ -66,7 +66,7 @@ type RuntimeComponentReconciler struct {
 }
 // +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,resourceNames=restricted,verbs=use,namespace=runtime-component-operator
-// +kubebuilder:rbac:groups=rc.app.stacks,resources=runtimecomponents;runtimecomponents/status;runtimecomponents/finalizers,verbs=get;list;watch;create;update;delete,namespace=runtime-component-operator
+// +kubebuilder:rbac:groups=rc.app.stacks,resources=runtimecomponents;runtimecomponents/status;runtimecomponents/finalizers,verbs=get;list;watch;create;update;patch;delete,namespace=runtime-component-operator
 // +kubebuilder:rbac:groups=apps,resources=deployments;statefulsets,verbs=get;list;watch;create;update;delete,namespace=runtime-component-operator
 // +kubebuilder:rbac:groups=apps,resources=deployments/finalizers;statefulsets,verbs=update,namespace=runtime-component-operator
 // +kubebuilder:rbac:groups=core,resources=services;secrets;serviceaccounts;configmaps,verbs=get;list;watch;create;update;delete,namespace=runtime-component-operator
diff --git a/controllers/runtimeoperation_controller.go b/controllers/runtimeoperation_controller.go
index 7c5e92c0..f190b4c9 100644
--- a/controllers/runtimeoperation_controller.go
+++ b/controllers/runtimeoperation_controller.go
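Review bot: Nothing in this commit shows what needs the new `patch` verb on the `rc.app.stacks` marker in controllers/runtimecomponent_controller.go: the Go change is the marker alone, with no Patch call added, so the wider grant cannot be tied to a caller from the diff. Presumably the consumer arrives with the synced shared code. A line above the marker such as `// patch: needed by <caller that issues the Patch request>` would let a later least-privilege audit confirm the verb or drop it. The marker block belongs to declarations that start and end outside the hunk.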
@@ -49,8 +49,8 @@ type RuntimeOperationReconciler struct {
 RestConfig *rest.Config
 }
-// +kubebuilder:rbac:groups=rc.app.stacks,resources=runtimeoperations;runtimeoperations/status;runtimeoperations/finalizers,verbs=get;list;watch;create;update;delete,namespace=runtime-component-operator
-// +kubebuilder:rbac:groups=core,resources=pods;pods/exec,verbs=get;list;watch;create;update;delete,namespace=runtime-component-operator
+// +kubebuilder:rbac:groups=rc.app.stacks,resources=runtimeoperations;runtimeoperations/status;runtimeoperations/finalizers,verbs=get;list;watch;create;update;patch;delete,namespace=runtime-component-operator
+// +kubebuilder:rbac:groups=core,resources=pods;pods/exec,verbs=get;list;watch;create;update;patch;delete,namespace=runtime-component-operator
 func (r *RuntimeOperationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 reqLogger := r.Log.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name)
diff --git a/internal/deploy/kustomize/daily/base/runtime-component-roles.yaml b/internal/deploy/kustomize/daily/base/runtime-component-roles.yaml
index b0ac8de7..6697379b 100644
--- a/internal/deploy/kustomize/daily/base/runtime-component-roles.yaml
+++ b/internal/deploy/kustomize/daily/base/runtime-component-roles.yaml
@@ -132,6 +132,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -177,6 +178,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -190,6 +192,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
diff --git a/internal/deploy/kustomize/daily/overlays/watch-all-namespaces/cluster-roles.yaml b/internal/deploy/kustomize/daily/overlays/watch-all-namespaces/cluster-roles.yaml
index c3e12214..e1f6fa2a 100644
--- a/internal/deploy/kustomize/daily/overlays/watch-all-namespaces/cluster-roles.yaml
+++ b/internal/deploy/kustomize/daily/overlays/watch-all-namespaces/cluster-roles.yaml
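Review bot: The second marker in controllers/runtimeoperation_controller.go keeps `pods` and `pods/exec` on one shared verb list, so the added `patch` widens a rule that already grants every write verb on both resources. On `pods/exec` only `create` (and `get` for the upgrade request) is ever exercised, so `patch` there is dead weight, while on `pods` it is one more way for the operator's service account to modify pods. Judging by the file names, the same rule is mirrored into the watch-all-namespaces ClusterRole, where the scope would be every namespace. If Reconcile only reads pods and opens exec sessions, splitting the marker keeps the grant minimal: `// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch,namespace=runtime-component-operator` and `// +kubebuilder:rbac:groups=core,resources=pods/exec,verbs=create,namespace=runtime-component-operator`. Reconcile's body continues outside the hunk, so check the split against the calls it actually makes.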
@@ -121,6 +121,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -166,6 +167,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -179,6 +181,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
diff --git a/internal/deploy/kustomize/daily/overlays/watch-another-namespace/rco-watched-ns/watched-roles.yaml b/internal/deploy/kustomize/daily/overlays/watch-another-namespace/rco-watched-ns/watched-roles.yaml
index d483c6e9..7af0aada 100644
--- a/internal/deploy/kustomize/daily/overlays/watch-another-namespace/rco-watched-ns/watched-roles.yaml
+++ b/internal/deploy/kustomize/daily/overlays/watch-another-namespace/rco-watched-ns/watched-roles.yaml
@@ -74,6 +74,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -119,6 +120,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
@@ -132,6 +134,7 @@ rules:
 - delete
 - get
 - list
+ - patch
 - update
 - watch
 - apiGroups:
diff --git a/scripts/update-sample.sh b/scripts/update-sample.sh
index 2a0d57b4..ed99f413 100755
--- a/scripts/update-sample.sh
+++ b/scripts/update-sample.sh
@@ -20,6 +20,7 @@ echo "sha is $SHA"
 files="
 config/samples/rc.app.stacks_v1_runtimecomponent.yaml
+config/samples/rc.app.stacks_v1beta2_runtimecomponent.yaml
 config/manager/manager.yaml
 internal/deploy/kustomize/daily/base/runtime-component-operator.yaml
 "