From f484b9e748ad776f7ecec0ed83a2b2424fde2dfc Mon Sep 17 00:00:00 2001
From: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Date: Thu, 8 May 2025 11:58:31 +0200
Subject: [PATCH] fix: role patching (#325)

Closes: #318

Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
---
 internal/cnpgi/operator/reconciler.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/internal/cnpgi/operator/reconciler.go b/internal/cnpgi/operator/reconciler.go
index 610b9a7..ec80f13 100644
--- a/internal/cnpgi/operator/reconciler.go
+++ b/internal/cnpgi/operator/reconciler.go
@@ -160,7 +160,13 @@ func (r ReconcilerImplementation) ensureRole(
 		"rules", newRole.Rules,
 	)
 
-	return r.Client.Patch(ctx, newRole, client.MergeFrom(&role))
+	oldRole := role.DeepCopy()
+
+	// Apply to the role the new rules
+	role.Rules = newRole.Rules
+
+	// Push it back to the API server
+	return r.Client.Patch(ctx, &role, client.MergeFrom(oldRole))
 }
 
 func (r ReconcilerImplementation) ensureRoleBinding(