diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 1374951312..fcb7310c3a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -56,32 +56,16 @@ rules: - ceph.rook.io resources: - cephblockpoolradosnamespaces - verbs: - - '*' - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - ceph.rook.io - resources: - cephblockpools + - cephclients - cephclusters - cephfilesystems + - cephfilesystemsubvolumegroups - cephnfses - cephobjectstores - cephobjectstoreusers - cephrbdmirrors verbs: - - '*' -- apiGroups: - - ceph.rook.io - resources: - - cephclients - - cephfilesystemsubvolumegroups - verbs: - create - delete - get diff --git a/controllers/storagecluster/reconcile.go b/controllers/storagecluster/reconcile.go index da409118ce..1c7edd2031 100644 --- a/controllers/storagecluster/reconcile.go +++ b/controllers/storagecluster/reconcile.go @@ -107,7 +107,7 @@ var validTopologyLabelKeys = []string{ } // +kubebuilder:rbac:groups=ocs.openshift.io,resources=*,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=ceph.rook.io,resources=cephclusters;cephblockpools;cephfilesystems;cephnfses;cephobjectstores;cephobjectstoreusers;cephrbdmirrors;cephblockpoolradosnamespaces,verbs=* +// +kubebuilder:rbac:groups=ceph.rook.io,resources=cephclusters;cephblockpools;cephfilesystems;cephnfses;cephobjectstores;cephobjectstoreusers;cephrbdmirrors;cephblockpoolradosnamespaces,verbs=get;list;watch;create;update;delete // +kubebuilder:rbac:groups=noobaa.io,resources=noobaas,verbs=get;list;watch;create;update;delete // +kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=watch;create;delete;get;list // +kubebuilder:rbac:groups=core,resources=pods;services;serviceaccounts;endpoints;persistentvolumes;persistentvolumeclaims;events;configmaps;secrets;nodes,verbs=* diff --git a/deploy/csv-templates/ocs-operator.csv.yaml.in b/deploy/csv-templates/ocs-operator.csv.yaml.in index 4ace3e3838..95e53c6a0b 100644 
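Review bot: The explicit verb list on the `ceph.rook.io` marker in `controllers/storagecluster/reconcile.go` omits `patch` and `deletecollection`, both of which the old `verbs=*` granted. If any reconcile path patches one of these Ceph resources (merge patch, server-side apply or a create-or-patch helper), it will now fail with Forbidden at runtime, not at build time. Confirm that none does, or use `verbs=get;list;watch;create;update;patch;delete` as the `ocs.openshift.io` marker above already does. The `core` marker in the trailing context lines still grants `verbs=*` on `secrets` and `nodes`, so it looks like the next candidate for the same narrowing. The rules in `config/rbac/role.yaml` and the two CSV manifests appear to be derived from this marker and would need regenerating after any change here.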
--- a/deploy/csv-templates/ocs-operator.csv.yaml.in +++ b/deploy/csv-templates/ocs-operator.csv.yaml.in @@ -227,32 +227,16 @@ spec: - ceph.rook.io resources: - cephblockpoolradosnamespaces - verbs: - - '*' - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - ceph.rook.io - resources: - cephblockpools + - cephclients - cephclusters - cephfilesystems + - cephfilesystemsubvolumegroups - cephnfses - cephobjectstores - cephobjectstoreusers - cephrbdmirrors verbs: - - '*' - - apiGroups: - - ceph.rook.io - resources: - - cephclients - - cephfilesystemsubvolumegroups - verbs: - create - delete - get diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml index 098e7be89d..3a37744850 100644 --- a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml +++ b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml @@ -236,32 +236,16 @@ spec: - ceph.rook.io resources: - cephblockpoolradosnamespaces - verbs: - - '*' - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - ceph.rook.io - resources: - cephblockpools + - cephclients - cephclusters - cephfilesystems + - cephfilesystemsubvolumegroups - cephnfses - cephobjectstores - cephobjectstoreusers - cephrbdmirrors verbs: - - '*' - - apiGroups: - - ceph.rook.io - resources: - - cephclients - - cephfilesystemsubvolumegroups - verbs: - create - delete - get