fix: Grant notes-related permissions to cloud owner, viewer, and editor roles. (#190)

JoseSzycho · web-flow · commit 6169471aed88 · 2026-03-13T11:41:01.000-03:00
This PR fixes an issue in which Datum users were not able to create notes under their domains. Users received the next error message when trying to create a note: ```json { "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure", "message": "notes.notes.miloapis.com is forbidden: User \"xxxxx@xxxxx.com\" cannot create resource \"notes\" in API group \"notes.miloapis.com\" in the namespace \"default\"", "reason": "Forbidden", "details": { "group": "notes.miloapis.com", "kind": "notes" }, "code": 403 } ``` Related to: https://discord.com/channels/1420159806496440412/1452783709295214805/1481416482809450640
diff --git a/config/assignable-organization-roles/roles/datum-cloud-editor.yaml b/config/assignable-organization-roles/roles/datum-cloud-editor.yaml
@@ -24,3 +24,5 @@ spec:
       namespace: milo-system
     - name: dns.networking.miloapis.com-dns-admin
       namespace: milo-system
+    - name: notes-editor
+      namespace: milo-system
diff --git a/config/assignable-organization-roles/roles/datum-cloud-owner.yaml b/config/assignable-organization-roles/roles/datum-cloud-owner.yaml
@@ -28,3 +28,5 @@ spec:
       namespace: milo-system
     - name: iam-user-invitations-admin
       namespace: milo-system
+    - name: notes-admin
+      namespace: milo-system
diff --git a/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml b/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml
@@ -26,3 +26,5 @@ spec:
       namespace: milo-system
     - name: activity.miloapis.com-audit-log-querier
       namespace: milo-system
+    - name: notes-viewer
+      namespace: milo-system
