From 5555f573216160d66f266a59e13d18b406c94745 Mon Sep 17 00:00:00 2001
From: Wen Zhou <wenzhou@redhat.com>
Date: Tue, 19 Nov 2024 14:22:54 +0100
Subject: [PATCH] fix: missing watch on prometheusrules from application
 namespace and verb watch on dashboard CR

Signed-off-by: Wen Zhou <wenzhou@redhat.com>
---
 ...opendatahub-operator.clusterserviceversion.yaml | 14 +++++++++++++-
 config/rbac/role.yaml                              | 12 ++++++++++++
 controllers/datasciencecluster/kubebuilder_rbac.go |  8 ++++----
 main.go                                            |  6 ++++--
 4 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml b/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml
index 1989bdc167f..f413d22c831 100644
--- a/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml
@@ -103,7 +103,7 @@ metadata:
     categories: AI/Machine Learning, Big Data
     certified: "False"
     containerImage: quay.io/opendatahub/opendatahub-operator:v2.19.0
-    createdAt: "2024-11-01T10:08:53Z"
+    createdAt: "2024-11-19T13:21:31Z"
     olm.skipRange: '>=1.0.0 <2.19.0'
     operators.operatorframework.io/builder: operator-sdk-v1.31.0
     operators.operatorframework.io/internal-objects: '["featuretrackers.features.opendatahub.io",
@@ -516,6 +516,7 @@ spec:
           - get
           - list
           - patch
+          - watch
         - apiGroups:
           - controller-runtime.sigs.k8s.io
           resources:
@@ -623,6 +624,15 @@ spec:
           - dashboard.opendatahub.io
           resources:
           - acceleratorprofiles
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+        - apiGroups:
+          - dashboard.opendatahub.io
+          resources:
           - odhapplications
           - odhdocuments
           verbs:
@@ -631,6 +641,7 @@ spec:
           - get
           - list
           - patch
+          - watch
         - apiGroups:
           - datasciencecluster.opendatahub.io
           resources:
@@ -869,6 +880,7 @@ spec:
           - get
           - list
           - patch
+          - watch
         - apiGroups:
           - monitoring.coreos.com
           resources:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 40a8cc1e810..c342df935d8 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -268,6 +268,7 @@ rules:
   - get
   - list
   - patch
+  - watch
 - apiGroups:
   - controller-runtime.sigs.k8s.io
   resources:
@@ -375,6 +376,15 @@ rules:
   - dashboard.opendatahub.io
   resources:
   - acceleratorprofiles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+- apiGroups:
+  - dashboard.opendatahub.io
+  resources:
   - odhapplications
   - odhdocuments
   verbs:
@@ -383,6 +393,7 @@ rules:
   - get
   - list
   - patch
+  - watch
 - apiGroups:
   - datasciencecluster.opendatahub.io
   resources:
@@ -621,6 +632,7 @@ rules:
   - get
   - list
   - patch
+  - watch
 - apiGroups:
   - monitoring.coreos.com
   resources:
diff --git a/controllers/datasciencecluster/kubebuilder_rbac.go b/controllers/datasciencecluster/kubebuilder_rbac.go
index 1abe9e631d7..3ad0db2b5bb 100644
--- a/controllers/datasciencecluster/kubebuilder_rbac.go
+++ b/controllers/datasciencecluster/kubebuilder_rbac.go
@@ -135,9 +135,9 @@ package datasciencecluster
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=dashboards/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=dashboards/finalizers,verbs=create;get;list;patch;update;use;watch
 // +kubebuilder:rbac:groups="opendatahub.io",resources=odhdashboardconfigs,verbs=create;get;patch;watch;update;delete;list
-// +kubebuilder:rbac:groups="console.openshift.io",resources=odhquickstarts,verbs=create;get;patch;list;delete
-// +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=odhdocuments,verbs=create;get;patch;list;delete
-// +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=odhapplications,verbs=create;get;patch;list;delete
+// +kubebuilder:rbac:groups="console.openshift.io",resources=odhquickstarts,verbs=create;get;patch;list;delete;watch
+// +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=odhdocuments,verbs=create;get;patch;list;delete;watch
+// +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=odhapplications,verbs=create;get;patch;list;delete;watch
 // +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=acceleratorprofiles,verbs=create;get;patch;list;delete
 // +kubebuilder:rbac:groups="user.openshift.io",resources=groups,verbs=get;create;list;watch;patch;delete
 // +kubebuilder:rbac:groups="console.openshift.io",resources=consolelinks,verbs=create;get;patch;delete
@@ -154,7 +154,7 @@ package datasciencecluster
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=kueues,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=kueues/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=kueues/finalizers,verbs=update
-// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheusrules,verbs=get;create;patch;delete;deletecollection;list
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheusrules,verbs=get;create;patch;delete;deletecollection;list;watch
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=podmonitors,verbs=get;create;delete;update;watch;list;patch
 
 // TODO: CFO
diff --git a/main.go b/main.go
index 3677e27ff3b..b8b0f9da121 100644
--- a/main.go
+++ b/main.go
@@ -34,7 +34,7 @@ import (
 	userv1 "github.com/openshift/api/user/v1"
 	ofapiv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 	ofapiv2 "github.com/operator-framework/api/pkg/operators/v2"
-	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+	promv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -111,7 +111,7 @@ func init() { //nolint:gochecknoinits
 	utilruntime.Must(apiextensionsv1.AddToScheme(scheme))
 	utilruntime.Must(admissionregistrationv1.AddToScheme(scheme))
 	utilruntime.Must(apiregistrationv1.AddToScheme(scheme))
-	utilruntime.Must(monitoringv1.AddToScheme(scheme))
+	utilruntime.Must(promv1.AddToScheme(scheme))
 	utilruntime.Must(operatorv1.Install(scheme))
 	utilruntime.Must(consolev1.AddToScheme(scheme))
 	utilruntime.Must(securityv1.Install(scheme))
@@ -232,6 +232,8 @@ func main() { //nolint:funlen,maintidx
 			},
 			// for prometheus and black-box deployment and ones we owns
 			&appsv1.Deployment{}: {Namespaces: deploymentCache},
+			// kueue need prometheusrules
+			&promv1.PrometheusRule{}: {Namespaces: deploymentCache},
 		},
 	}