marco/plugin-barman-cloud
1
0
Fork 0
mirror of https://github.com/cloudnative-pg/plugin-barman-cloud.git synced 2026-01-11 05:13:10 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: add cluster/finalizers update permission (#465)

Browse Source 
Add the required missing permission to operate in k8s
environments where the Admission Controller
Plugin "OwnerReferencesPermissionEnforcement"
is enabled.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
This commit is contained in:
Gabriele Fedi 2025-08-14 22:55:25 +02:00 committed by GitHub
parent 3a770798c7
commit e0c8b64470
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -45,7 +45,7 @@ help: ## Display this help.
.PHONY: manifests .PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) rbac:roleName=plugin-barman-cloud crd webhook paths="./api/..." output:crd:artifacts:config=config/crd/bases $(CONTROLLER_GEN) rbac:roleName=plugin-barman-cloud crd webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
.PHONY: generate .PHONY: generate
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.

6
config/rbac/role.yaml
View File

@ -48,6 +48,12 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/finalizers
verbs:
- update
- apiGroups: - apiGroups:
- rbac.authorization.k8s.io - rbac.authorization.k8s.io
resources: resources:

1
internal/controller/objectstore_controller.go
View File

@ -37,6 +37,7 @@ type ObjectStoreReconciler struct {
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;patch;update;get;list;watch // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;patch;update;get;list;watch
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;patch;update;get;list;watch // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;patch;update;get;list;watch
// +kubebuilder:rbac:groups="",resources=secrets,verbs=create;list;get;watch;delete // +kubebuilder:rbac:groups="",resources=secrets,verbs=create;list;get;watch;delete
// +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=clusters/finalizers,verbs=update
// +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=backups,verbs=get;list;watch // +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=backups,verbs=get;list;watch
// +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores/status,verbs=get;update;patch // +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores/status,verbs=get;update;patch

6
manifest.yaml
View File

@ -807,6 +807,12 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/finalizers
verbs:
- update
- apiGroups: - apiGroups:
- rbac.authorization.k8s.io - rbac.authorization.k8s.io
resources: resources: