fix: Add missing impersonate rule (#845)

varshab1210 · web-flow · commit 01738f473fd6 · 2025-02-25T12:00:42.000Z
* Add missing permission in clusterrole

Signed-off-by: Varsha B &lt;vab@redhat.com&gt;

* test change

Signed-off-by: Varsha B &lt;vab@redhat.com&gt;

---------

Signed-off-by: Varsha B &lt;vab@redhat.com&gt;
diff --git a/controllers/argocd/openshift/openshift.go b/controllers/argocd/openshift/openshift.go
@@ -333,6 +333,17 @@ func policyRulesForClusterConfig() []rbacv1.PolicyRule {
 				"*",
 			},
 		},
+		{
+			APIGroups: []string{
+				"",
+			},
+			Resources: []string{
+				"serviceaccounts",
+			},
+			Verbs: []string{
+				"impersonate",
+			},
+		},
 	}
 }
 
diff --git a/controllers/argocd/openshift/openshift_test.go b/controllers/argocd/openshift/openshift_test.go
@@ -45,8 +45,7 @@ func TestReconcileArgoCD_reconcileMultipleClusterRoles(t *testing.T) {
 	a := makeTestArgoCDForClusterConfig()
 	testApplicableClusterRole := &rbacv1.ClusterRole{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      a.Name + "-" + a.Namespace + "-" + testApplicationController,
-			Namespace: a.Namespace,
+			Name: a.Name + "-" + a.Namespace + "-" + testApplicationController,
 		},
 		Rules: makeTestPolicyRules(),
 	}
