From 169d2a3b97cffa422bdbd3679c9f108f8585fc95 Mon Sep 17 00:00:00 2001
From: jmontesi <100689165+jmontesi@users.noreply.github.com>
Date: Thu, 11 Apr 2024 09:36:10 +0200
Subject: [PATCH] Add a role to handle the resources created by the test CRD
 (#418)

* Add a role to handle the resources created by the test CRD

This allows the test "access-control-crd-roles" to run.
---
 scripts/delete-test-crds.sh           |  5 ++++-
 test-target/local-crd-under-test.yaml | 10 ++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/scripts/delete-test-crds.sh b/scripts/delete-test-crds.sh
index b09a8e22..412ed28a 100755
--- a/scripts/delete-test-crds.sh
+++ b/scripts/delete-test-crds.sh
@@ -6,5 +6,8 @@ SCRIPT_DIR=$(dirname "$0")
 # shellcheck disable=SC1091 # Not following.
 source "$SCRIPT_DIR"/init-env.sh
 
-# Delete test deployment
+# Delete role
+oc delete role crdexample-role -n "${TNF_EXAMPLE_CNF_NAMESPACE}" --ignore-not-found=true
+
+# Delete CRD
 oc delete crd crdexamples.test-network-function.com --ignore-not-found=true
diff --git a/test-target/local-crd-under-test.yaml b/test-target/local-crd-under-test.yaml
index ab61f59d..78e1e13f 100644
--- a/test-target/local-crd-under-test.yaml
+++ b/test-target/local-crd-under-test.yaml
@@ -49,3 +49,13 @@ spec:
         - name: Age
           jsonPath: .metadata.creationTimestamp
           type: date
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: tnf
+  name: crdexample-role
+rules:
+  - apiGroups: ["test-network-function.com"]
+    resources: ["crdexamples"]
+    verbs: ["get", "watch", "list"]