From f75a566f853be6f00f34c96138ccfe5b2769ace4 Mon Sep 17 00:00:00 2001
From: Daniel Ruiz Capilla <crd1985@gmail.com>
Date: Thu, 16 Dec 2021 09:09:09 +0100
Subject: [PATCH] rgw: fix blockOwnerDeletion error

This restores the missing permissions to allow the object controller to
update the finalizers section in the spec. See https://sdk.operatorframework.io/docs/faqs/#after-deploying-my-operator-why-do-i-see-errors-like-is-forbidden-cannot-set-blockownerdeletion-if-an-ownerreference-refers-to-a-resource-you-cant-set-finalizers-on- for further reference

Signed-off-by: Daniel Ruiz Capilla <crd1985@gmail.com>
---
 deploy/charts/rook-ceph/templates/clusterrole.yaml | 5 +++++
 deploy/examples/common.yaml                        | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/deploy/charts/rook-ceph/templates/clusterrole.yaml b/deploy/charts/rook-ceph/templates/clusterrole.yaml
index 89570cffb4bdf..eb2382c28b850 100644
--- a/deploy/charts/rook-ceph/templates/clusterrole.yaml
+++ b/deploy/charts/rook-ceph/templates/clusterrole.yaml
@@ -288,6 +288,11 @@ rules:
     verbs:
       # OBC controller updates OBC and OB statuses
       - update
+  - apiGroups: ["objectbucket.io"]
+    resources: ["objectbucketclaims/finalizers", "objectbuckets/finalizers"]
+    verbs:
+      # OBC controller updates OBC and OB finalizers
+      - update
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/deploy/examples/common.yaml b/deploy/examples/common.yaml
index 6fae3544d47f8..df0a10dc729c0 100644
--- a/deploy/examples/common.yaml
+++ b/deploy/examples/common.yaml
@@ -464,6 +464,11 @@ rules:
     verbs:
       # OBC controller updates OBC and OB statuses
       - update
+  - apiGroups: ["objectbucket.io"]
+    resources: ["objectbucketclaims/finalizers", "objectbuckets/finalizers"]
+    verbs:
+      # OBC controller updates OBC and OB finalizers
+      - update
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1