aws / aws-application-networking-k8s

A Kubernetes controller for Amazon VPC Lattice
https://www.gateway-api-controller.eks.aws.dev/
Apache License 2.0

Error RBAC for vpcAssociationPolicies missing update status #531

Closed allamand closed 1 year ago

allamand commented 1 year ago

The controller needs to update the status of vpcAssociationPolicies objects, but that permission is missing when it is deployed with the Helm chart.

aws-gateway-api-controller-aws-gateway-controller-chart-5fhcqpx manager {"level":"info","ts":"2023-11-20T14:58:24.802Z","logger":"controller.vpc-association-policy","caller":"controllers/vpcassociationpolicy_controller.go:82","msg":"reconcile error, retry in 30 sec: vpcassociationpolicies.application-networking.k8s.aws \"app-services-gw\" is forbidden: User \"system:serviceaccount:aws-application-networking-system:gateway-api-controller\" cannot update resource \"vpcassociationpolicies/status\" in API group \"application-networking.k8s.aws\" in the namespace \"app-services-gw\""}

zijun726911 commented 1 year ago

Thanks for reporting this bug, we will fix it ASAP. It seems the controller is missing the vpcassociationpolicies/status and targetgrouppolicies/status permissions in:
https://github.com/aws/aws-application-networking-k8s/blob/6dcbd36f924d0d48929a7ca60bfc1b96435b3a71/config/rbac/cluster-role-controller.yaml
https://github.com/aws/aws-application-networking-k8s/blob/6dcbd36f924d0d48929a7ca60bfc1b96435b3a71/helm/templates/cluster-role-controller.yaml
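For readers hitting the same "forbidden ... cannot update resource vpcassociationpolicies/status" error, the following is an added, illustrative RBAC manifest; it is not the project's own cluster-role file or its actual fix. The API group, resource and subresource names, and the controller's ServiceAccount name and namespace come from the error message and comment above; the ClusterRole and ClusterRoleBinding names are assumptions for this example. The point it demonstrates is that in Kubernetes RBAC a `/status` subresource is authorized separately from its parent resource, so "update" on vpcassociationpolicies does not grant "update" on vpcassociationpolicies/status.

```yaml
# Added example, not the project's manifest. Grants the controller's
# ServiceAccount the status-subresource verbs the log line shows it lacks.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gateway-api-controller-status-example   # assumed name
rules:
  # Read access on the parent resources, shown for context.
  - apiGroups: ["application-networking.k8s.aws"]
    resources: ["vpcassociationpolicies", "targetgrouppolicies"]
    verbs: ["get", "list", "watch"]
  # The missing piece: the status subresource is its own RBAC resource and
  # must be listed explicitly; verbs on the parent do not cover it.
  - apiGroups: ["application-networking.k8s.aws"]
    resources: ["vpcassociationpolicies/status", "targetgrouppolicies/status"]
    verbs: ["get", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gateway-api-controller-status-example   # assumed name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gateway-api-controller-status-example
subjects:
  # ServiceAccount taken from the "User system:serviceaccount:..." in the error.
  - kind: ServiceAccount
    name: gateway-api-controller
    namespace: aws-application-networking-system
```

To confirm the grant took effect without waiting for the next reconcile, impersonate the ServiceAccount with `kubectl auth can-i update vpcassociationpolicies/status --as=system:serviceaccount:aws-application-networking-system:gateway-api-controller -n app-services-gw`; it answers `yes` once the status subresource is covered and `no` while only the parent resource is. Keeping the status verbs limited to get/patch/update on the two subresources, rather than widening the parent rule, keeps the controller's permissions at the minimum it needs.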