From 9b9feb5866f721641f10407bac3442f3e692a4fc Mon Sep 17 00:00:00 2001
From: Mahad Janjua <majanjua@amazon.com>
Date: Thu, 13 Feb 2025 12:20:33 -0800
Subject: [PATCH] [CWAgent][TEMP] Add permissions patching to CW Agent release
 tests

---
 .github/workflows/actions/patch_image_and_check_diff/action.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/actions/patch_image_and_check_diff/action.yml b/.github/workflows/actions/patch_image_and_check_diff/action.yml
index 18cea7a90..c6460daf7 100644
--- a/.github/workflows/actions/patch_image_and_check_diff/action.yml
+++ b/.github/workflows/actions/patch_image_and_check_diff/action.yml
@@ -140,6 +140,8 @@ runs:
       if: ${{ inputs.repository == 'amazon-cloudwatch-agent' }}
       shell: bash
       run: |
+        kubectl patch clusterrole cloudwatch-agent-role --type=json \
+        -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"], "verbs": ["list", "watch", "get"]}}]'
         kubectl patch amazoncloudwatchagents -n amazon-cloudwatch cloudwatch-agent --type='json' -p='[{"op": "replace", "path": "/spec/image", "value": ${{ inputs.patch-image-arn }}}]'
         kubectl delete pods --all -n amazon-cloudwatch
         sleep 10