Grant ns admin missing create RBAC for various CDI resources (#3031)

Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com> Co-authored-by: Alex Kalenyuk <akalenyu@redhat.com>
kubevirt · Dec 14, 2023 · 0dfa4e0 · 0dfa4e0
1 parent 8ab775d
commit 0dfa4e0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 12 deletions.
diff --git a/pkg/operator/resources/cluster/rbac.go b/pkg/operator/resources/cluster/rbac.go
@@ -42,6 +42,11 @@ func getAdminPolicyRules() []rbacv1.PolicyRule {
 			},
 			Resources: []string{
 				"datavolumes",
+				"dataimportcrons",
+				"datasources",
+				"volumeimportsources",
+				"volumeuploadsources",
+				"volumeclonesources",
 			},
 			Verbs: []string{
 				"*",

diff --git a/tests/rbac_test.go b/tests/rbac_test.go
@@ -2,8 +2,6 @@ package tests
 
 import (
 	"context"
-	"fmt"
-	"reflect"
 	"time"
 
 	. "github.com/onsi/ginkgo/v2"
@@ -217,6 +215,11 @@ var _ = Describe("Aggregated role definition tests", func() {
 			},
 			Resources: []string{
 				"datavolumes",
+				"dataimportcrons",
+				"datasources",
+				"volumeimportsources",
+				"volumeuploadsources",
+				"volumeclonesources",
 			},
 			Verbs: []string{
 				"*",
@@ -289,16 +292,7 @@ var _ = Describe("Aggregated role definition tests", func() {
 		clusterRole, err := f.K8sClient.RbacV1().ClusterRoles().Get(context.TODO(), role, metav1.GetOptions{})
 		Expect(err).ToNot(HaveOccurred())
 
-		for _, expectedRule := range rules {
-			found := false
-			for _, r := range clusterRole.Rules {
-				if reflect.DeepEqual(expectedRule, r) {
-					found = true
-					break
-				}
-			}
-			Expect(found).To(BeTrue(), fmt.Sprintf("Rule for resources %v should exist", expectedRule.Resources))
-		}
+		Expect(clusterRole.Rules).To(ContainElements(rules))
 	},
 		Entry("[test_id:3945]for admin", "admin", adminRules),
 		Entry("[test_id:3946]for edit", "edit", editRules),