diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index cb04a602d7..b39d889404 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -116,6 +116,13 @@ rules: - patch - update - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes/finalizers + - rosacontrolplanes/finalizers + verbs: + - update - apiGroups: - controlplane.cluster.x-k8s.io resources: @@ -127,12 +134,6 @@ rules: - patch - update - watch -- apiGroups: - - controlplane.cluster.x-k8s.io - resources: - - rosacontrolplanes/finalizers - verbs: - - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: diff --git a/controlplane/eks/controllers/awsmanagedcontrolplane_controller.go b/controlplane/eks/controllers/awsmanagedcontrolplane_controller.go index 0aaa2cf867..1a3a3583d5 100644 --- a/controlplane/eks/controllers/awsmanagedcontrolplane_controller.go +++ b/controlplane/eks/controllers/awsmanagedcontrolplane_controller.go @@ -205,6 +205,7 @@ func (r *AWSManagedControlPlaneReconciler) SetupWithManager(ctx context.Context, // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=awsmachinepools;awsmachinepools/status,verbs=get;list;watch // +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=awsmanagedcontrolplanes,verbs=get;list;watch;update;patch;delete // +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=awsmanagedcontrolplanes/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=awsmanagedcontrolplanes/finalizers,verbs=update // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=awsclusterroleidentities;awsclusterstaticidentities;awsclustercontrolleridentities,verbs=get;list;watch // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=awsmanagedclusters;awsmanagedclusters/status,verbs=get;list;watch