crd rbac

metalbear-co · May 3, 2024 · bee54e8 · bee54e8
1 parent 6e6c7d9
commit bee54e8
Showing 1 changed file with 45 additions and 1 deletion.
diff --git a/mirrord/operator/src/setup.rs b/mirrord/operator/src/setup.rs
@@ -418,6 +418,28 @@ impl OperatorRole {
                     verbs: vec!["get".to_owned(), "list".to_owned(), "watch".to_owned()],
                     ..Default::default()
                 },
+                // For SQS controller to temporarily change deployments to use changed queues.
+                PolicyRule {
+                    api_groups: Some(vec![
+                        "apps".to_owned(),
+                    ]),
+                    resources: Some(vec![
+                        "deployments".to_owned(),
+                    ]),
+                    verbs: vec!["patch".to_owned()],
+                    ..Default::default()
+                },
+                // For SQS controller to temporarily change Argo Rollouts to use changed queues.
+                PolicyRule {
+                    api_groups: Some(vec![
+                        "argoproj.io".to_owned(),
+                    ]),
+                    resources: Some(vec![
+                        "rollouts".to_owned(),
+                    ]),
+                    verbs: vec!["patch".to_owned()],
+                    ..Default::default()
+                },
                 PolicyRule {
                     api_groups: Some(vec!["apps".to_owned(), "argoproj.io".to_owned()]),
                     resources: Some(vec![
@@ -467,7 +489,19 @@ impl OperatorRole {
                 PolicyRule {
                     api_groups: Some(vec!["splitters.mirrord.metalbear.co".to_owned()]),
                     resources: Some(vec![MirrordQueueSplitter::plural(&()).to_string()]),
-                    verbs: vec!["list".to_owned()],
+                    verbs: vec![
+                        "list".to_owned(),
+                    ],
+                    ..Default::default()
+                },
+                // Allow the SQS controller to update queue splitter status.
+                PolicyRule {
+                    api_groups: Some(vec!["splitters.mirrord.metalbear.co".to_owned()]),
+                    resources: Some(vec!["mirrordqueuesplitters/status".to_string()]),
+                    verbs: vec![
+                        // For setting the status in the SQS controller.
+                        "update".to_owned(),
+                    ],
                     ..Default::default()
                 },
                 // Allow the operator to control mirrord queue filters.
@@ -484,6 +518,16 @@ impl OperatorRole {
                     ],
                     ..Default::default()
                 },
+                // Allow the SQS controller to update queue splitter status.
+                PolicyRule {
+                    api_groups: Some(vec!["splitters.mirrord.metalbear.co".to_owned()]),
+                    resources: Some(vec!["mirrordsqssessions/status".to_string()]),
+                    verbs: vec![
+                        // For setting the status in the SQS controller.
+                        "update".to_owned(),
+                    ],
+                    ..Default::default()
+                },
             ]),
             ..Default::default()
         };