From 5183cf2e15a95f450359adbd92ad87e6494186a3 Mon Sep 17 00:00:00 2001 From: Craig Brookes Date: Tue, 5 Nov 2024 07:30:29 +0000 Subject: [PATCH] remove secret perm as not using it (#974) Signed-off-by: craig rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED --- .../kuadrant-operator.clusterserviceversion.yaml | 10 +--------- charts/kuadrant-operator/templates/manifests.yaml | 8 -------- config/rbac/role.yaml | 8 -------- controllers/effective_tls_policies_reconciler.go | 3 +-- 4 files changed, 2 insertions(+), 27 deletions(-) diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml index ee0177562..6d94036ae 100644 --- a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml @@ -106,7 +106,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/kuadrant/kuadrant-operator:latest - createdAt: "2024-10-31T12:05:38Z" + createdAt: "2024-11-04T15:47:12Z" description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 @@ -173,14 +173,6 @@ spec: - patch - update - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - apiGroups: - apps resources: diff --git a/charts/kuadrant-operator/templates/manifests.yaml b/charts/kuadrant-operator/templates/manifests.yaml index 74d2f6b15..1b01a5cd6 100644 --- a/charts/kuadrant-operator/templates/manifests.yaml +++ b/charts/kuadrant-operator/templates/manifests.yaml @@ -8436,14 +8436,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - apiGroups: - apps resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 2b2b0c1ef..75da3957c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -23,14 +23,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - apiGroups: - apps resources: diff --git a/controllers/effective_tls_policies_reconciler.go b/controllers/effective_tls_policies_reconciler.go index 1cf26ca4a..858f35f24 100644 --- a/controllers/effective_tls_policies_reconciler.go +++ b/controllers/effective_tls_policies_reconciler.go @@ -49,7 +49,6 @@ func (t *EffectiveTLSPoliciesReconciler) Subscription() *controller.Subscription //+kubebuilder:rbac:groups=kuadrant.io,resources=tlspolicies/finalizers,verbs=update //+kubebuilder:rbac:groups="cert-manager.io",resources=issuers,verbs=get;list;watch; //+kubebuilder:rbac:groups="cert-manager.io",resources=clusterissuers,verbs=get;list;watch; -//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch //+kubebuilder:rbac:groups="cert-manager.io",resources=certificates,verbs=get;list;watch;create;update;patch;delete func (t *EffectiveTLSPoliciesReconciler) Reconcile(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error { @@ -60,7 +59,7 @@ func (t *EffectiveTLSPoliciesReconciler) Reconcile(ctx context.Context, _ []cont return ok }) - // Get all certs in topology for comparison with expected certs to determine orphaned certs later + // Get all certs in the topology for comparison with expected certs to determine orphaned certs later // Only certs owned by TLSPolicies should be in the topology - no need to check again certs := lo.FilterMap(topology.Objects().Items(), func(item machinery.Object, index int) (*certmanv1.Certificate, bool) { r, ok := item.(*controller.RuntimeObject)