Events patching added to ClusterRole

redhat-cop / resource-locker-operator

Apache License 2.0

30 stars 14 forks source link

Events patching added to ClusterRole #21

Closed BostjanBozic closed 4 years ago

BostjanBozic commented 4 years ago

If resource labels are to be patched, resource-locker-operator required capability to patch events.

Error observed:

events "test-complex-patch.162053c2da87466b" is forbidden: User "system:serviceaccount:resource-locker-operator:resource-locker-operator" cannot patch resource "events" in API group "" in the namespace "resource-locker-test"'

raffaelespazzoli commented 4 years ago

could you make the change with this:

  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - create  
    - patch
    - update

thanks.

BostjanBozic commented 4 years ago

@raffaelespazzoli There we go, fixed.

One thing that I notied though is that it seems this is only required if you deploy operator straight from manifests or via Helm. If you use OLM, it does deploy operator without events permissions, yet it still works.

BostjanBozic commented 4 years ago

This seems to be a problem when deploying operator v0.1.2 with manifests in master branch.

I have built operator image from master and tested it without this ClusterRole adjustment, everything works without issues, so I will close this PR.