From b8796d32321c6103a0f95fb0464a5246b4214028 Mon Sep 17 00:00:00 2001
From: MegaByte875
Date: Thu, 28 Sep 2023 18:11:26 +0800
Subject: [PATCH] add missing rbac annotations
---
 apis/apps/v1alpha1/nebularestore_types.go | 2 +-
 .../nebula-operator/crds/nebularestores.yaml | 2 +-
 .../apps.nebula-graph.io_nebularestores.yaml | 2 +-
 config/rbac/role.yaml | 143 +++++++++---------
 doc/user/br_guide.md | 2 +-
 pkg/controller/autoscaler/autoscaler.go | 2 +
 .../nebula_cluster_controller.go | 6 +-
 .../nebula_restore_controller.go | 8 +-
 8 files changed, 90 insertions(+), 77 deletions(-)
diff --git a/apis/apps/v1alpha1/nebularestore_types.go b/apis/apps/v1alpha1/nebularestore_types.go
index 1d399da3..b53cb5a6 100644
--- a/apis/apps/v1alpha1/nebularestore_types.go
+++ b/apis/apps/v1alpha1/nebularestore_types.go
@@ -26,7 +26,7 @@ import (
 // +genclient
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:shortName="rt"
+// +kubebuilder:resource:shortName="nr"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`,description="The current status of the restore"
 // +kubebuilder:printcolumn:name="Started",type=date,JSONPath=`.status.timeStarted`,description="The time at which the restore was started"
 // +kubebuilder:printcolumn:name="Completed",type=date,JSONPath=`.status.timeCompleted`,description="The time at which the restore was completed"
diff --git a/charts/nebula-operator/crds/nebularestores.yaml b/charts/nebula-operator/crds/nebularestores.yaml
index de0f6a1f..752a7759 100644
--- a/charts/nebula-operator/crds/nebularestores.yaml
+++ b/charts/nebula-operator/crds/nebularestores.yaml
@@ -13,7 +13,7 @@ spec:
 listKind: NebulaRestoreList
 plural: nebularestores
 shortNames:
- - rt
+ - nr
 singular: nebularestore
 scope: Namespaced
 versions:
diff --git a/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml b/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml
index de0f6a1f..752a7759 100644
--- a/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml +++ b/config/crd/bases/apps.nebula-graph.io_nebularestores.yaml @@ -13,7 +13,7 @@ spec: listKind: NebulaRestoreList plural: nebularestores shortNames: - - rt + - nr singular: nebularestore scope: Namespaced versions: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index fcba5659..c2066cd4 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,22 +1,14 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + creationTimestamp: null name: manager-role rules: - apiGroups: - "" resources: - - nodes - verbs: - - get - - list -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles + - configmaps verbs: - create - delete @@ -28,26 +20,23 @@ rules: - apiGroups: - "" resources: - - serviceaccounts + - events verbs: - create - - delete - - get - list - patch - - update - - watch - apiGroups: - "" resources: - - secrets + - nodes verbs: - get - list + - watch - apiGroups: - "" resources: - - configmaps + - persistentvolumeclaims verbs: - create - delete @@ -59,7 +48,7 @@ rules: - apiGroups: - "" resources: - - endpoints + - persistentvolumes verbs: - create - delete @@ -71,27 +60,26 @@ rules: - apiGroups: - "" resources: - - events + - pods verbs: - create + - delete + - get - list - patch + - update + - watch - apiGroups: - "" resources: - - persistentvolumeclaims + - secrets verbs: - - create - - delete - get - list - - patch - - update - - watch - apiGroups: - "" resources: - - persistentvolumes + - serviceaccounts verbs: - create - delete @@ -103,7 +91,7 @@ rules: - apiGroups: - "" resources: - - pods + - services verbs: - create - delete @@ -113,9 +101,9 @@ rules: - update - watch - apiGroups: - - "" + - apps resources: - - services + - deployments verbs: - create - delete @@ -128,7 +116,6 @@ rules: - apps resources: - statefulsets - - deployments verbs: - create - delete 
@@ -176,62 +163,80 @@ rules: - patch - update - apiGroups: - - apps.nebula-graph.io + - apps.nebula-graph.io resources: - - nebularestores + - nebularestores verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - - apps.nebula-graph.io + - apps.nebula-graph.io resources: - - nebularestores/finalizers + - nebularestores/finalizers verbs: - - update + - update - apiGroups: - - apps.nebula-graph.io + - apps.nebula-graph.io resources: - - nebularestores/status + - nebularestores/status verbs: - - get - - patch - - update + - get + - patch + - update - apiGroups: - - autoscaling.nebula-graph.io + - autoscaling.nebula-graph.io resources: - - nebulaautoscalers + - nebulaautoscalers verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - autoscaling.nebula-graph.io + resources: + - nebulaautoscalers/status + verbs: + - get + - patch + - update - apiGroups: - - autoscaling.nebula-graph.io + - metrics.k8s.io resources: - - nebulaautoscalers/finalizers + - pods verbs: - - update + - get + - list + - watch - apiGroups: - - autoscaling.nebula-graph.io + - rbac.authorization.k8s.io resources: - - nebulaautoscalers/status + - clusterrolebindings verbs: - - get - - patch - - update + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - - metrics.k8s.io + - rbac.authorization.k8s.io resources: - - pods + - clusterroles verbs: - - get - - list - - watch \ No newline at end of file + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/doc/user/br_guide.md b/doc/user/br_guide.md index 1d09cef1..7d880f4c 100644 --- a/doc/user/br_guide.md +++ b/doc/user/br_guide.md 
@@ -95,7 +95,7 @@ spec: ```shell $ kubectl apply -f apps_v1alpha1_nebularestore.yaml -$ kubectl get rt restore1 -w +$ kubectl get nr restore1 -w ``` **Note:** diff --git a/pkg/controller/autoscaler/autoscaler.go b/pkg/controller/autoscaler/autoscaler.go index ab82786d..b1cb5285 100644 --- a/pkg/controller/autoscaler/autoscaler.go +++ b/pkg/controller/autoscaler/autoscaler.go @@ -186,10 +186,12 @@ func NewHorizontalController( return hpaController, nil } +// +kubebuilder:rbac:groups="metrics.k8s.io",resources=pods,verbs=get;list;watch // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;list // +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters/finalizers,verbs=update // +kubebuilder:rbac:groups=autoscaling.nebula-graph.io,resources=nebulaautoscalers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=autoscaling.nebula-graph.io,resources=nebulaautoscalers/status,verbs=get;update;patch diff --git a/pkg/controller/nebulacluster/nebula_cluster_controller.go b/pkg/controller/nebulacluster/nebula_cluster_controller.go index d3c0213e..ebab7efb 100644 --- a/pkg/controller/nebulacluster/nebula_cluster_controller.go +++ b/pkg/controller/nebulacluster/nebula_cluster_controller.go 
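Review bot: The added finalizers marker in autoscaler.go names `nebulaclusters/finalizers`, while the regenerated config/rbac/role.yaml in this same commit drops the previous `nebulaautoscalers/finalizers` `update` rule and no marker visible on this page re-creates it. If the autoscaler controller sets finalizers or blocking owner references on NebulaAutoscaler objects, those writes will be denied once the generated role is applied (the owner-reference case only where the OwnerReferencesPermissionEnforcement admission plugin is enabled). If the removal is intended, a short comment above the marker block saying the autoscaler needs no finalizer access on its own resource would make that explicit; otherwise add `// +kubebuilder:rbac:groups=autoscaling.nebula-graph.io,resources=nebulaautoscalers/finalizers,verbs=update`. The code these markers precede lies outside the hunk, so whether finalizers are actually used cannot be confirmed from here.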
@@ -109,11 +109,15 @@ func NewClusterReconciler(mgr ctrl.Manager, enableKruise bool) (*ClusterReconcil }, nil } +// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch +// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups="",resources=endpoints,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=persistentvolumes,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;list // +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters,verbs=get;list;watch;create;update;patch;delete diff --git a/pkg/controller/nebularestore/nebula_restore_controller.go b/pkg/controller/nebularestore/nebula_restore_controller.go index bcf24603..99fadf4c 100644 --- a/pkg/controller/nebularestore/nebula_restore_controller.go +++ b/pkg/controller/nebularestore/nebula_restore_controller.go 
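Review bot: The two new `rbac.authorization.k8s.io` markers give `manager-role` cluster-wide `create;update;patch;delete` on `clusterroles` and `clusterrolebindings`, the most escalation-sensitive grant in the generated role, and nothing next to them says which RBAC objects the operator is expected to own. controller-gen's rbac marker accepts `resourceNames=`, so the mutating verbs can be pinned to the operator-managed names while `create` (which cannot be name-restricted) stays on its own marker, for example `// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=update;patch;delete,resourceNames=<operator-managed-role-name>`. This hunk also adds `watch` on `nodes` compared with the old role.yaml and drops the `endpoints` marker, so it is worth confirming no reconciler path still reads Endpoints now that the regenerated role removes that rule. The Reconcile function the markers belong to is outside the hunk.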
@@ -59,12 +59,14 @@ func NewRestoreReconciler(mgr ctrl.Manager) (*Reconciler, error) { }, nil } +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;list // +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebulaclusters/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=restores/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=restores/finalizers,verbs=get;update;patch -// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=restores,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebularestores,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebularestores/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=apps.nebula-graph.io,resources=nebularestores/finalizers,verbs=update func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (res reconcile.Result, retErr error) { key := req.NamespacedName.String()
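Review bot: The new `secrets` marker grants `get;list`, and since controller-gen folds every marker into the single cluster-scoped `manager-role`, the operator's service account can read every Secret in every namespace; `list` on its own already returns full secret data. If the restore reconciler only fetches a credentials Secret by name from the NebulaRestore's namespace (an assumption, because the Reconcile body continues outside this hunk), `// +kubebuilder:rbac:groups="",resources=secrets,verbs=get` would be enough, provided the read goes through an uncached reader such as `mgr.GetAPIReader()`, because a cache-backed client needs list and watch. The identical `secrets` marker added in nebula_cluster_controller.go deserves the same check. Either way, a one-line comment above the marker naming which Secrets are read and why would make the grant auditable.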