added rbac permissions for manager

Signed-off-by: mzeevi <meytar80@gmail.com>
dana-team · May 7, 2024 · 59d9153 · 59d9153
1 parent 8b10414
commit 59d9153
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -24,6 +24,7 @@ import (
 	envwebhook "github.com/dana-team/env-route-ns-mutator/internal/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
+	configv1 "github.com/openshift/api/config/v1"
 	routev1 "github.com/openshift/api/route/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -45,6 +46,7 @@ var (
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(routev1.Install(scheme))
+	utilruntime.Must(configv1.Install(scheme))
 
 	//+kubebuilder:scaffold:scheme
 }

diff --git a/internal/webhook/namespace_webhook.go b/internal/webhook/namespace_webhook.go
@@ -22,6 +22,8 @@ type NamespaceMutator struct {
 
 const DefaultSchedulerAnnotation = "scheduler.alpha.kubernetes.io/defaultTolerations"
 
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch;create;update;patch
+
 // +kubebuilder:webhook:path=/mutate-v1-namespace,mutating=true,failurePolicy=ignore,sideEffects=None,groups="",resources=namespaces,verbs=create;update,versions=v1,name=namespace.dana.io,admissionReviewVersions=v1;v1beta1
 
 func (r *NamespaceMutator) Handle(ctx context.Context, req admission.Request) admission.Response {

diff --git a/internal/webhook/route_webhook.go b/internal/webhook/route_webhook.go
@@ -27,6 +27,8 @@ type RouteMutator struct {
 
 const clusterIngressName = "cluster"
 
+// +kubebuilder:rbac:groups="route.openshift.io",resources=routes,verbs=get;list;watch;create;update;patch
+
 // +kubebuilder:webhook:path=/mutate-v1-route,mutating=true,failurePolicy=ignore,sideEffects=None,groups=route.openshift.io,resources=routes,verbs=create;update,versions=v1,name=route.dana.io,admissionReviewVersions=v1;v1beta1
 
 func (r *RouteMutator) Handle(ctx context.Context, req admission.Request) admission.Response {
@@ -52,11 +54,6 @@ func (r *RouteMutator) Handle(ctx context.Context, req admission.Request) admiss
 	}
 
 	environments := environment.GetEnvironments()
-	if err != nil {
-		logger.Error(err, "failed to get environments")
-		return admission.Errored(http.StatusInternalServerError, err)
-	}
-
 	r.handleInner(logger, &route, clusterIngress, environments, namespace.ObjectMeta.Labels)
 
 	marshaledRoute, err := json.Marshal(route)