From cafc17e6f2bcedf2953ebdf39359414cd0283c9f Mon Sep 17 00:00:00 2001 From: Miguel Duarte Barroso Date: Wed, 27 Sep 2023 12:59:29 +0200 Subject: [PATCH] build, controller: remove list and watch verbs from RBAC The virt-controller component only requires the `GET` RBAC permissions, thus, all others can be dropped. Signed-off-by: Miguel Duarte Barroso --- manifests/generated/operator-csv.yaml.in | 2 -- manifests/generated/rbac-operator.authorization.k8s.yaml.in | 2 -- pkg/virt-operator/resource/generate/rbac/controller.go | 4 +--- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/manifests/generated/operator-csv.yaml.in b/manifests/generated/operator-csv.yaml.in index 2e805bb91585..c8bfabd0f36a 100644 --- a/manifests/generated/operator-csv.yaml.in +++ b/manifests/generated/operator-csv.yaml.in @@ -635,8 +635,6 @@ spec: - network-attachment-definitions verbs: - get - - list - - watch - apiGroups: - apiextensions.k8s.io resources: diff --git a/manifests/generated/rbac-operator.authorization.k8s.yaml.in b/manifests/generated/rbac-operator.authorization.k8s.yaml.in index 71003061cce4..a14a9b2f5b40 100644 --- a/manifests/generated/rbac-operator.authorization.k8s.yaml.in +++ b/manifests/generated/rbac-operator.authorization.k8s.yaml.in @@ -575,8 +575,6 @@ rules: - network-attachment-definitions verbs: - get - - list - - watch - apiGroups: - apiextensions.k8s.io resources: diff --git a/pkg/virt-operator/resource/generate/rbac/controller.go b/pkg/virt-operator/resource/generate/rbac/controller.go index 335aacfbc5e3..0acce8541a9b 100644 --- a/pkg/virt-operator/resource/generate/rbac/controller.go +++ b/pkg/virt-operator/resource/generate/rbac/controller.go @@ -398,9 +398,7 @@ func newControllerClusterRole() *rbacv1.ClusterRole { Resources: []string{ "network-attachment-definitions", }, - Verbs: []string{ - "get", "list", "watch", - }, + Verbs: []string{"get"}, }, { APIGroups: []string{