controller: add pvc finalizer rbac for annotation controller

Rakshith-R · Rakshith-R · commit e70dfb720621 · 2022-01-31T10:55:40.000+05:30
Running pvc annotation controller on openshift throws the following error. ``` "reclaimspacecronjobs.csiaddons.openshift.io \"pvcrbd10-1643271677\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>" ``` Adding pvc finalizer rbac solves this issue. Signed-off-by: Rakshith R <rar@redhat.com> (cherry picked from commit b6c48cf)
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -30,6 +30,12 @@ rules:
   - list
   - patch
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims/finalizers
+  verbs:
+  - update
 - apiGroups:
   - csiaddons.openshift.io
   resources:
diff --git a/controllers/persistentvolumeclaim_controller.go b/controllers/persistentvolumeclaim_controller.go
@@ -55,6 +55,7 @@ const (
 )
 
 //+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=get;list;watch;patch
+//+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims/finalizers,verbs=update
 //+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs,verbs=get;list;watch;create;delete;update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ const (`
`55`	`55`	`)`
`56`	`56`
`57`	`57`	`//+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=get;list;watch;patch`
	`58`	`+//+kubebuilder:rbac:groups=core,resources=persistentvolumeclaims/finalizers,verbs=update`
`58`	`59`	`//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs,verbs=get;list;watch;create;delete;update`
`59`	`60`
`60`	`61`	`// Reconcile is part of the main kubernetes reconciliation loop which aims to`