From 2b94ceee2b9bec3e8115670a9bacc1548260d5a0 Mon Sep 17 00:00:00 2001
From: "n.fraison" <n.fraison@criteo.com>
Date: Thu, 23 Sep 2021 18:36:46 +0200
Subject: [PATCH] ceph: add missing rights rook-ceph-purge-osd account

The purge osd job need to read and update persistentvolumeclaims
While the job doesn't failed with osd and deployments well deleted, the associated pvc is not deleted by the job as it failed to read it

Signed-off-by: n.fraison <n.fraison@criteo.com>
---
 cluster/charts/rook-ceph-cluster/templates/role.yaml        | 2 +-
 cluster/charts/rook-ceph/templates/role.yaml                | 2 +-
 cluster/examples/kubernetes/ceph/common-second-cluster.yaml | 2 +-
 cluster/examples/kubernetes/ceph/common.yaml                | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cluster/charts/rook-ceph-cluster/templates/role.yaml b/cluster/charts/rook-ceph-cluster/templates/role.yaml
index 36719cab5c887..af88cd8fb8ff3 100644
--- a/cluster/charts/rook-ceph-cluster/templates/role.yaml
+++ b/cluster/charts/rook-ceph-cluster/templates/role.yaml
@@ -82,7 +82,7 @@ rules:
     verbs: ["get", "list", "delete" ]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
-    verbs: ["delete"]
+    verbs: ["get", "update", "delete"]
 
 {{- if .Values.monitoring.enabled }}
 ---
diff --git a/cluster/charts/rook-ceph/templates/role.yaml b/cluster/charts/rook-ceph/templates/role.yaml
index 70f899c5dc40d..c27c11cd5f49a 100644
--- a/cluster/charts/rook-ceph/templates/role.yaml
+++ b/cluster/charts/rook-ceph/templates/role.yaml
@@ -188,5 +188,5 @@ rules:
     verbs: ["get", "list", "delete" ]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
-    verbs: ["delete"]
+    verbs: ["get", "update", "delete"]
 {{- end }}
diff --git a/cluster/examples/kubernetes/ceph/common-second-cluster.yaml b/cluster/examples/kubernetes/ceph/common-second-cluster.yaml
index cbe12e5337dd5..e88e4230336d7 100644
--- a/cluster/examples/kubernetes/ceph/common-second-cluster.yaml
+++ b/cluster/examples/kubernetes/ceph/common-second-cluster.yaml
@@ -145,7 +145,7 @@ rules:
     verbs: ["get", "list", "delete"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
-    verbs: ["delete"]
+    verbs: ["get", "update", "delete"]
 ---
 # Allow the osd purge job to run in this namespace
 kind: RoleBinding
diff --git a/cluster/examples/kubernetes/ceph/common.yaml b/cluster/examples/kubernetes/ceph/common.yaml
index 51ae1d858d875..2ad6398570fce 100644
--- a/cluster/examples/kubernetes/ceph/common.yaml
+++ b/cluster/examples/kubernetes/ceph/common.yaml
@@ -1195,7 +1195,7 @@ rules:
     verbs: ["get", "list", "delete"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
-    verbs: ["delete"]
+    verbs: ["get", "update", "delete"]
 ---
 # Allow the osd purge job to run in this namespace
 kind: RoleBinding