From eb4cfce3f85aba76f59734b36d9b98bf2be76031 Mon Sep 17 00:00:00 2001
From: Christian Schwede <cschwede@redhat.com>
Date: Thu, 25 Jan 2024 08:46:08 +0100
Subject: [PATCH] Add role and binding to update inventory configmap

A configmap update is required during the dataplane deployment.  The
deployment will update the configmap with the actual disks to be used by
Swift and their corresponding sizes, and the ring-rebalance pod will use
this information to update the swift rings.
---
 config/rbac/kustomization.yaml          |  1 +
 config/rbac/swift_configmap_update.yaml | 29 +++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 config/rbac/swift_configmap_update.yaml

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 731832a6..f60c5176 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- swift_configmap_update.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.
diff --git a/config/rbac/swift_configmap_update.yaml b/config/rbac/swift_configmap_update.yaml
new file mode 100644
index 00000000..a3ceba07
--- /dev/null
+++ b/config/rbac/swift_configmap_update.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: openstack
+  name: configmap-update
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - swift-edpm-inventory
+  verbs:
+  - update
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: configmap-update
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: configmap-update
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: openstack