[FIX] manager missing permission for captenantoutputs

Makefile

@@ -20,7 +20,7 @@ help: ## Display this help.
 
 .PHONY: manifests
 manifests: controller-gen ## Generate ClusterRole & CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd paths="./..." output:crd:artifacts:config=config/crd
+	$(CONTROLLER_GEN) rbac:roleName=cap-operator-manager-role crd paths="./..." output:crd:artifacts:config=config/crd
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -88,8 +88,8 @@ LISTER_GEN ?= $(LOCALBIN)/lister-gen
 SETUP_ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-CONTROLLER_TOOLS_VERSION ?= v0.13.0
-CODE_GENERATOR_VERSION ?= v0.28.1
+CONTROLLER_TOOLS_VERSION ?= v0.16.3
+CODE_GENERATOR_VERSION ?= v0.31.1
 SETUP_ENVTEST_VERSION ?= latest
 
 .PHONY: controller-gen

config/crd/operator.sme.sap.com_capoperators.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   labels:
     app.kubernetes.io/name: capoperators.operator.sme.sap.com
     app.kubernetes.io/instance: capoperators.operator.sme.sap.com
@@ -28,24 +28,24 @@ spec:
         description: CAPOperator is the Schema for the CAPOperators API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
           spec:
             description: CAPOperatorSpec defines the desired state of CAPOperator
-            oneOf:
-            - required:
-              - ingressGatewayLabels
-            - required:
-              - dnsTarget
             properties:
               dnsTarget:
                 description: Public ingress URL for the cluster Load Balancer
@@ -116,6 +116,18 @@ spec:
                   description: InventoryItem represents a dependent object managed
                     by this operator.
                   properties:
+                    adoptionPolicy:
+                      description: Adoption policy.
+                      type: string
+                    applyOrder:
+                      description: Apply order.
+                      type: integer
+                    deleteOrder:
+                      description: Delete order.
+                      type: integer
+                    deletePolicy:
+                      description: Delete policy.
+                      type: string
                     digest:
                       description: Digest of the descriptor of the dependent object.
                       type: string
@@ -126,7 +138,7 @@ spec:
                       description: API kind.
                       type: string
                     managedTypes:
-                      description: Managed types
+                      description: Managed types.
                       items:
                         description: TypeInfo represents a Kubernetes type.
                         properties:
@@ -155,18 +167,29 @@ spec:
                     phase:
                       description: Phase of the dependent object.
                       type: string
+                    reconcilePolicy:
+                      description: Reconcile policy.
+                      type: string
                     status:
-                      description: Observed status of the dependent object, as observed
-                        by kstatus.
+                      description: Observed status of the dependent object.
+                      type: string
+                    updatePolicy:
+                      description: Update policy.
                       type: string
                     version:
                       description: API group version.
                       type: string
                   required:
+                  - adoptionPolicy
+                  - applyOrder
+                  - deleteOrder
+                  - deletePolicy
                   - digest
                   - group
                   - kind
                   - name
+                  - reconcilePolicy
+                  - updatePolicy
                   - version
                   type: object
                 type: array
@@ -179,13 +202,20 @@ spec:
               observedGeneration:
                 format: int64
                 type: integer
+              processingDigest:
+                type: string
+              processingSince:
+                format: date-time
+                type: string
               state:
-                description: Component state. Can be one of 'Ready', 'Processing',
-                  'Error', 'Deleting'.
+                description: Component state. Can be one of 'Ready', 'Pending', 'Processing',
+                  'DeletionPending', 'Deleting', 'Error'.
                 enum:
+                - Ready
+                - Pending
                 - Processing
+                - DeletionPending
                 - Deleting
-                - Ready
                 - Error
                 type: string
             required:

config/rbac/role.yaml

@@ -64,17 +64,6 @@ rules:
   - watch
 - apiGroups:
   - cert-manager.io
-  resources:
-  - certificates
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
   - cert.gardener.cloud
   resources:
   - certificates
@@ -145,6 +134,7 @@ rules:
   - capapplications
   - capapplicationversions
   - captenantoperations
+  - captenantoutputs
   - captenants
   verbs:
   - get

go.mod

@@ -4,7 +4,7 @@ go 1.23.1
 
 require (
 	github.com/pkg/errors v0.9.1
-	github.com/sap/component-operator-runtime v0.3.38
+	github.com/sap/component-operator-runtime v0.3.40
 	k8s.io/api v0.31.1
 	k8s.io/apiextensions-apiserver v0.31.1
 	k8s.io/apimachinery v0.31.1
@@ -44,7 +44,7 @@ require (
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/compress v1.17.10 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -78,7 +78,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect
-	k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 // indirect
+	k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect
 	sigs.k8s.io/cli-utils v0.37.2 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

go.sum

@@ -76,6 +76,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
 github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0=
+github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -116,6 +118,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/sap/component-operator-runtime v0.3.38 h1:gWQs1V5c2LczsNOw6IOd/dOsAeevOIIZZKK7+Er5O1M=
 github.com/sap/component-operator-runtime v0.3.38/go.mod h1:VrFEgBWwKdl+tIpHfb+oT8/LnqfwEbx5UmjvxFLlCh0=
+github.com/sap/component-operator-runtime v0.3.40 h1:y9xBdG/tYwLED9dzT0erHTvD3iQXYJMyh0DN177AflQ=
+github.com/sap/component-operator-runtime v0.3.40/go.mod h1:fOvb27YqQIv30YUxFc/XcjNKrYwrQ1XANu3z2MY22mU=
 github.com/sap/go-generics v0.2.19 h1:7jhLhM0Bnq8Rwl5aOIHOBJem1WJ/oLTugz9H2+HGjwA=
 github.com/sap/go-generics v0.2.19/go.mod h1:GLFl9wBPK5ucywnbhkoH/tCSQy+T3cc+KJtNlzt370M=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
@@ -213,6 +217,8 @@ k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUx
 k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA=
 k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA=
 k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI=
+k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg=
 sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco=
 sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=

main.go

@@ -13,7 +13,7 @@ package main
 // +kubebuilder:rbac:groups=dns.gardener.cloud,resources=dnsentries,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles;clusterrolebindings,verbs=get;list;watch;create;update;patch;delete;escalate;bind
-// +kubebuilder:rbac:groups="sme.sap.com",resources=capapplications;capapplicationversions;captenants;captenantoperations,verbs=get;list;watch
+// +kubebuilder:rbac:groups="sme.sap.com",resources=capapplications;capapplicationversions;captenants;captenantoperations;captenantoutputs,verbs=get;list;watch
 // +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=secrets;configmaps;pods;services;serviceaccounts;namespaces;events,verbs=get;list;watch;create;update;patch;delete