fix(rbac): add namespace list permission

sonasingh46 · k8s-infra-cherrypick-robot · commit d41d827d01e0 · 2022-02-15T20:28:09.000Z
This commit adds namespace list permission for capz
manager as it is needed by it in case of identity
reference on azurecluster object.

Signed-off-by: Ashutosh Kumar &lt;sonasingh46@gmail.com&gt;
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -16,6 +16,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - list
 - apiGroups:
   - ""
   resources:
diff --git a/controllers/azurecluster_controller.go b/controllers/azurecluster_controller.go
@@ -112,6 +112,7 @@ func (acr *AzureClusterReconciler) SetupWithManager(ctx context.Context, mgr ctr
 // +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters;clusters/status,verbs=get;list;watch
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=azuremachinetemplates;azuremachinetemplates/status,verbs=get;list;watch
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=azureclusteridentities;azureclusteridentities/status,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=list;
 
 // Reconcile idempotently gets, creates, and updates a cluster.
 func (acr *AzureClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (_ ctrl.Result, reterr error) {
