From 8cc9b8e037f64956c2bf94bc5219fcfa1968a433 Mon Sep 17 00:00:00 2001
From: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
Date: Tue, 21 May 2024 10:35:29 +0000
Subject: [PATCH 1/4] add missing repository rbac roles for porch controllers

Signed-off-by: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
---
 controllers/packagevariants/config/rbac/role.yaml    | 8 ++++++++
 controllers/packagevariantsets/config/rbac/role.yaml | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/controllers/packagevariants/config/rbac/role.yaml b/controllers/packagevariants/config/rbac/role.yaml
index feede573..075d51cf 100644
--- a/controllers/packagevariants/config/rbac/role.yaml
+++ b/controllers/packagevariants/config/rbac/role.yaml
@@ -67,3 +67,11 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - config.porch.kpt.dev
+  resources:
+  - repositories
+  verbs:
+  - list
+  - watch
+  - get
diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml
index e403fa3f..448c8e17 100644
--- a/controllers/packagevariantsets/config/rbac/role.yaml
+++ b/controllers/packagevariantsets/config/rbac/role.yaml
@@ -61,3 +61,11 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.porch.kpt.dev
+  resources:
+  - repositories
+  verbs:
+  - list
+  - watch
+  - get

From b451c658a2478de230bc2aaffc5824fad32354b9 Mon Sep 17 00:00:00 2001
From: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
Date: Wed, 22 May 2024 09:53:37 +0000
Subject: [PATCH 2/4] Add rbac rules to pv/pvs go code instead of config files

Signed-off-by: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
---
 controllers/packagevariants/config/rbac/role.yaml      | 10 +---------
 .../packagevariant/packagevariant_controller.go        |  1 +
 controllers/packagevariantsets/config/rbac/role.yaml   |  8 --------
 .../packagevariantset/packagevariantset_controller.go  |  1 +
 4 files changed, 3 insertions(+), 17 deletions(-)

diff --git a/controllers/packagevariants/config/rbac/role.yaml b/controllers/packagevariants/config/rbac/role.yaml
index 075d51cf..2557a472 100644
--- a/controllers/packagevariants/config/rbac/role.yaml
+++ b/controllers/packagevariants/config/rbac/role.yaml
@@ -66,12 +66,4 @@ rules:
   - list
   - patch
   - update
-  - watch
-- apiGroups:
-  - config.porch.kpt.dev
-  resources:
-  - repositories
-  verbs:
-  - list
-  - watch
-  - get
+  - watch
\ No newline at end of file
diff --git a/controllers/packagevariants/pkg/controllers/packagevariant/packagevariant_controller.go b/controllers/packagevariants/pkg/controllers/packagevariant/packagevariant_controller.go
index d2f1c8cf..b20aaabb 100644
--- a/controllers/packagevariants/pkg/controllers/packagevariant/packagevariant_controller.go
+++ b/controllers/packagevariants/pkg/controllers/packagevariant/packagevariant_controller.go
@@ -70,6 +70,7 @@ const (
 //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariants/finalizers,verbs=update
 //+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisions,verbs=create;delete;get;list;patch;update;watch
 //+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisionresources,verbs=create;delete;get;list;patch;update;watch
+//+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=repositories,verbs=get;list;watch
 
 // Reconcile implements the main kubernetes reconciliation loop.
 func (r *PackageVariantReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml
index 448c8e17..e403fa3f 100644
--- a/controllers/packagevariantsets/config/rbac/role.yaml
+++ b/controllers/packagevariantsets/config/rbac/role.yaml
@@ -61,11 +61,3 @@ rules:
   - get
   - patch
   - update
-- apiGroups:
-  - config.porch.kpt.dev
-  resources:
-  - repositories
-  verbs:
-  - list
-  - watch
-  - get
diff --git a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go
index 292aa979..a02d7823 100644
--- a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go
+++ b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go
@@ -74,6 +74,7 @@ const (
 //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/finalizers,verbs=update
 //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariants,verbs=create;delete;get;list;patch;update;watch
 //+kubebuilder:rbac:groups=*,resources=*,verbs=list
+//+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=repositories,verbs=get;list;watch
 
 // Reconcile implements the main kubernetes reconciliation loop.
 func (r *PackageVariantSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {

From f268a690eb652195c1ba3c056fec89beb7b8aef0 Mon Sep 17 00:00:00 2001
From: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
Date: Wed, 22 May 2024 09:56:36 +0000
Subject: [PATCH 3/4] restore pv role.yaml

---
 controllers/packagevariants/config/rbac/role.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/packagevariants/config/rbac/role.yaml b/controllers/packagevariants/config/rbac/role.yaml
index 2557a472..feede573 100644
--- a/controllers/packagevariants/config/rbac/role.yaml
+++ b/controllers/packagevariants/config/rbac/role.yaml
@@ -66,4 +66,4 @@ rules:
   - list
   - patch
   - update
-  - watch
\ No newline at end of file
+  - watch

From 8ebf16d310c25bfb627a2575dee100ebceeddcfb Mon Sep 17 00:00:00 2001
From: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
Date: Wed, 22 May 2024 13:05:58 +0000
Subject: [PATCH 4/4] run make generate

Signed-off-by: Kushal Harish Naidu <kushal.harish.naidu@ericsson.com>
---
 controllers/packagevariants/config/rbac/role.yaml    | 8 ++++++++
 controllers/packagevariantsets/config/rbac/role.yaml | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/controllers/packagevariants/config/rbac/role.yaml b/controllers/packagevariants/config/rbac/role.yaml
index feede573..10e513d3 100644
--- a/controllers/packagevariants/config/rbac/role.yaml
+++ b/controllers/packagevariants/config/rbac/role.yaml
@@ -43,6 +43,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.porch.kpt.dev
+  resources:
+  - repositories
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - porch.kpt.dev
   resources:
diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml
index e403fa3f..03bb45bb 100644
--- a/controllers/packagevariantsets/config/rbac/role.yaml
+++ b/controllers/packagevariantsets/config/rbac/role.yaml
@@ -61,3 +61,11 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.porch.kpt.dev
+  resources:
+  - repositories
+  verbs:
+  - get
+  - list
+  - watch