Kong / charts

Helm chart for Kong
Apache License 2.0

`charts/gateway-operator/scripts/update-rbac-resources.sh` doesn't take KGO EE policy rules into account. #1088

Open pmalek opened 3 weeks ago

pmalek commented 3 weeks ago

Problem statement

`charts/gateway-operator/scripts/update-rbac-resources.sh` is used to update the RBAC resources in the gateway-operator chart.

It does not take KGO EE RBAC rules into account, hence running this on the current version of the KGO repo yields a diff which would remove permissions:

diff --git a/charts/gateway-operator/templates/rbac-resources.yaml b/charts/gateway-operator/templates/rbac-resources.yaml
index 0f4af6b..647798a 100644
--- a/charts/gateway-operator/templates/rbac-resources.yaml
+++ b/charts/gateway-operator/templates/rbac-resources.yaml
@@ -126,18 +126,6 @@ rules:
   - create
   - delete
   - get
-- apiGroups:
-  - cert-manager.io
-  resources:
-  - certificates
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - configuration.konghq.com
   resources:
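
Review bot: the `-` block in this hunk deletes the whole `cert-manager.io` / `certificates` rule and adds nothing in its place, so committing this output would strip all seven verbs (create, delete, get, list, patch, update, watch) on that resource from the role. The issue attributes the removal to KGO EE rules missing from the script's input, so the rule should stay in `rbac-resources.yaml`, and the script should merge the EE rules into what it generates (or preserve rules it cannot source) rather than regenerate the file from a single source.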
@@ -488,14 +476,6 @@ rules:
   - get
   - patch
   - update
-- apiGroups:
-  - gateway-operator.konghq.com
-  resources:
-  - dataplanemetricsextensions
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
   - gateway-operator.konghq.com
   resources:
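
Review bot: the removed rule is the read-only grant (get, list, watch) on `dataplanemetricsextensions` in `gateway-operator.konghq.com`, and the trailing context only opens the next rule for the same API group without showing its resources, so nothing visible here confirms the resource is still covered elsewhere. Keep this rule until the script accounts for the KGO EE rules, and consider making the script exit non-zero when its output drops a rule that exists in the current template, so a permission removal like this one is caught before it is committed.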

Proposed solution