Add rbac permissions to access ResourceType on resource server

This add nonResourceURLs permissions to get and list /o2ims-infrastructureInventory/v1/resourceTypes endpoint Signed-off-by: Marcelo Guerrero <[email protected]>
openshift-kni · Nov 29, 2024 · edb61f7 · edb61f7
1 parent d44d3be
commit edb61f7
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/bundle/manifests/oran-o2ims.clusterserviceversion.yaml b/bundle/manifests/oran-o2ims.clusterserviceversion.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -4,6 +4,11 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- nonResourceURLs:
+  - /o2ims-infrastructureInventory/v1/resourceTypes
+  verbs:
+  - get
+  - list
 - apiGroups:
   - ""
   resources:

diff --git a/internal/controllers/inventory_controller.go b/internal/controllers/inventory_controller.go
@@ -69,6 +69,7 @@ import (
 //+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch
 //+kubebuilder:rbac:groups="internal.open-cluster-management.io",resources=managedclusterinfos,verbs=get;list;watch
 //+kubebuilder:rbac:groups="config.openshift.io",resources=clusterversions,verbs=get;list;watch
+//+kubebuilder:rbac:urls="/o2ims-infrastructureInventory/v1/resourceTypes",verbs=get;list
 
 // Reconciler reconciles a Inventory object
 type Reconciler struct {
@@ -1040,6 +1041,15 @@ func (t *reconcilerTask) createAlarmServerClusterRole(ctx context.Context) error
 					"watch",
 				},
 			},
+			{
+				NonResourceURLs: []string{
+					"/o2ims-infrastructureInventory/v1/resourceTypes",
+				},
+				Verbs: []string{
+					"get",
+					"list",
+				},
+			},
 		},
 	}