Allow edit/admin user to create migration via virtctl

Add `virtualmachines/migrate` resource to edit and admin clusterrole. Edit and admin users was able to create a virtualmachineinstacemigration posting a CR, but was not authorized using `virtctl migrate <vm-name>`` returning 'User <name> cannot update resource "virtualmachines/migrate" in API group "subresources.kubevirt.io" in the namespace <namespace>'. This happens because edit and admin user was not granted to make requests to the subresource "virtualmachines/migrate" of "subresources.kubevirt.io" Signed-off-by: fossedihelm <[email protected]>
zyjj1 · May 13, 2022 · a1e9c65 · a1e9c65
1 parent 898b82a
commit a1e9c65
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/manifests/generated/operator-csv.yaml.in b/manifests/generated/operator-csv.yaml.in
@@ -761,6 +761,7 @@ spec:
           - virtualmachines/restart
           - virtualmachines/addvolume
           - virtualmachines/removevolume
+          - virtualmachines/migrate
           verbs:
           - update
         - apiGroups:
@@ -861,6 +862,7 @@ spec:
           - virtualmachines/restart
           - virtualmachines/addvolume
           - virtualmachines/removevolume
+          - virtualmachines/migrate
           verbs:
           - update
         - apiGroups:

diff --git a/manifests/generated/rbac-operator.authorization.k8s.yaml.in b/manifests/generated/rbac-operator.authorization.k8s.yaml.in
@@ -663,6 +663,7 @@ rules:
   - virtualmachines/restart
   - virtualmachines/addvolume
   - virtualmachines/removevolume
+  - virtualmachines/migrate
   verbs:
   - update
 - apiGroups:
@@ -763,6 +764,7 @@ rules:
   - virtualmachines/restart
   - virtualmachines/addvolume
   - virtualmachines/removevolume
+  - virtualmachines/migrate
   verbs:
   - update
 - apiGroups:

diff --git a/pkg/virt-operator/resource/generate/rbac/cluster.go b/pkg/virt-operator/resource/generate/rbac/cluster.go
@@ -176,6 +176,7 @@ func newAdminClusterRole() *rbacv1.ClusterRole {
 					"virtualmachines/restart",
 					"virtualmachines/addvolume",
 					"virtualmachines/removevolume",
+					"virtualmachines/migrate",
 				},
 				Verbs: []string{
 					"update",
@@ -304,6 +305,7 @@ func newEditClusterRole() *rbacv1.ClusterRole {
 					"virtualmachines/restart",
 					"virtualmachines/addvolume",
 					"virtualmachines/removevolume",
+					"virtualmachines/migrate",
 				},
 				Verbs: []string{
 					"update",