From 361b2d17065c51a97d0286e364e56e355492d7bb Mon Sep 17 00:00:00 2001
From: Fred Rolland <frolland@nvidia.com>
Date: Mon, 18 Sep 2023 10:55:20 +0300
Subject: [PATCH] Add permission to update status

Add Role for updating NicClusterPolicy Status

Signed-off-by: Fred Rolland <frolland@nvidia.com>
---
 config/rbac/role.yaml                      | 8 ++++++++
 controllers/nicclusterpolicy_controller.go | 1 +
 2 files changed, 9 insertions(+)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 2036dd7d6..7127d4cc7 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -239,6 +239,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - mellanox.com
+  resources:
+  - nicclusterpolicies/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - monitoring.coreos.com
   resources:
diff --git a/controllers/nicclusterpolicy_controller.go b/controllers/nicclusterpolicy_controller.go
index 43b53fc23..b604cfb9d 100644
--- a/controllers/nicclusterpolicy_controller.go
+++ b/controllers/nicclusterpolicy_controller.go
@@ -57,6 +57,7 @@ type NicClusterPolicyReconciler struct {
 
 //nolint:lll
 // +kubebuilder:rbac:groups=mellanox.com,resources=nicclusterpolicies,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=mellanox.com,resources=nicclusterpolicies/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=security.openshift.io,resourceNames=privileged,resources=securitycontextconstraints,verbs=use
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;roles;rolebindings,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=policy,resources=podsecuritypolicies,verbs=get;list;watch;create;update;patch;delete