fix: Allow kubevirt:default clusterRole to get,list kubevirts

Kubevirt resource is in category all.
`kubectl get all` or `virtctl permitted-devices` fails if
the user don't have the permissions to list Kubevirt resource.

Signed-off-by: fossedihelm <[email protected]>

manifests/generated/operator-csv.yaml.in

@@ -846,6 +846,13 @@ spec:
           - get
           - list
           - watch
+        - apiGroups:
+          - kubevirt.io
+          resources:
+          - kubevirts
+          verbs:
+          - get
+          - list
         - apiGroups:
           - subresources.kubevirt.io
           resources:

manifests/generated/rbac-operator.authorization.k8s.yaml.in

@@ -786,6 +786,13 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - kubevirt.io
+  resources:
+  - kubevirts
+  verbs:
+  - get
+  - list
 - apiGroups:
   - subresources.kubevirt.io
   resources:

pkg/virt-operator/resource/generate/rbac/cluster.go

@@ -112,6 +112,17 @@ func newDefaultClusterRole() *rbacv1.ClusterRole {
 			},
 		},
 		Rules: []rbacv1.PolicyRule{
+			{
+				APIGroups: []string{
+					GroupName,
+				},
+				Resources: []string{
+					ApiKubevirts,
+				},
+				Verbs: []string{
+					"get", "list",
+				},
+			},
 			{
 				APIGroups: []string{
 					virtv1.SubresourceGroupName,

pkg/virt-operator/resource/generate/rbac/cluster_test.go

@@ -55,6 +55,7 @@ var _ = Describe("Cluster role and cluster role bindings", func() {
 				expectExactRuleExists(clusterRole.Rules, apiGroup, resource, verbs...)
 
 			},
+				Entry(fmt.Sprintf("get and list %s/%s", GroupName, ApiKubevirts), GroupName, ApiKubevirts, "get", "list"),
 				Entry(fmt.Sprintf("get and list %s/%s", virtv1.SubresourceGroupName, ApiVersion), virtv1.SubresourceGroupName, ApiVersion, "get", "list"),
 				Entry(fmt.Sprintf("get and list %s/%s", virtv1.SubresourceGroupName, ApiGuestFs), virtv1.SubresourceGroupName, ApiGuestFs, "get", "list"),
 			)