Adds delete and patch permissions to clusterroles and clusterrolebindings

siddhibhor-56 · siddhibhor-56 · commit 1f50d9dcc5f8 · 2025-08-01T17:05:12.000+05:30
diff --git a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml
@@ -205,7 +205,7 @@ metadata:
     categories: Security
     console.openshift.io/disable-operand-delete: "true"
     containerImage: openshift.io/external-secrets-operator:latest
-    createdAt: "2025-07-31T09:00:51Z"
+    createdAt: "2025-08-01T10:58:49Z"
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "false"
     features.operators.openshift.io/csi: "false"
@@ -552,8 +552,10 @@ spec:
           - roles
           verbs:
           - create
+          - delete
           - get
           - list
+          - patch
           - update
           - watch
         - apiGroups:
@@ -635,7 +637,7 @@ spec:
                   value: ghcr.io/external-secrets/bitwarden-sdk-server:v0.4.2
                 - name: BITWARDEN_SDK_SERVER_IMAGE_VERSION
                   value: 0.4.2
-                image: openshift.io/external-secrets-operator:latest
+                image: quay.io/bharath-b-rh/external-secrets-operator:latest
                 livenessProbe:
                   httpGet:
                     path: /healthz
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -212,7 +212,9 @@ rules:
   - roles
   verbs:
   - create
+  - delete
   - get
   - list
+  - patch
   - update
   - watch
diff --git a/pkg/controller/external_secrets/controller.go b/pkg/controller/external_secrets/controller.go
@@ -96,7 +96,7 @@ type Reconciler struct {
 // +kubebuilder:rbac:groups=operator.openshift.io,resources=externalsecrets/finalizers,verbs=update
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update
 
-// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups="",resources=events;secrets;services;serviceaccounts,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update

-Original file line number
+Diff line change
   - roles
   verbs:
   - create
 +  - delete
   - get
   - list
 +  - patch
   - update
   - watch