From 7a6d5b710488d40d3bb19710d988beec7605955d Mon Sep 17 00:00:00 2001
From: Nick Fox <nick@nrfox.com>
Date: Mon, 9 Sep 2024 16:46:06 -0400
Subject: [PATCH] Grant kiali role list permissions for mutating webhooks
 (#279)

This is necessary to read tags in the cluster.
---
 kiali-operator/templates/clusterrole.yaml | 7 +++++++
 kiali-server/templates/role-viewer.yaml   | 7 +++++++
 kiali-server/templates/role.yaml          | 7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/kiali-operator/templates/clusterrole.yaml b/kiali-operator/templates/clusterrole.yaml
index 23bfb28..fc7931e 100644
--- a/kiali-operator/templates/clusterrole.yaml
+++ b/kiali-operator/templates/clusterrole.yaml
@@ -312,4 +312,11 @@ rules:
   - tokenreviews
   verbs:
   - create
+- apiGroups: ["admissionregistration.k8s.io"]
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
 ...
diff --git a/kiali-server/templates/role-viewer.yaml b/kiali-server/templates/role-viewer.yaml
index 0811b20..cbe6d0d 100644
--- a/kiali-server/templates/role-viewer.yaml
+++ b/kiali-server/templates/role-viewer.yaml
@@ -92,5 +92,12 @@ rules:
   - {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }}
   verbs:
   - get
+- apiGroups: ["admissionregistration.k8s.io"]
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
 ...
 {{- end -}}
diff --git a/kiali-server/templates/role.yaml b/kiali-server/templates/role.yaml
index de23cc5..74c574d 100644
--- a/kiali-server/templates/role.yaml
+++ b/kiali-server/templates/role.yaml
@@ -99,5 +99,12 @@ rules:
   - {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }}
   verbs:
   - get
+- apiGroups: ["admissionregistration.k8s.io"]
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
 ...
 {{- end -}}