#2680 Grant delete permissions for scheduled scans in auto-discovery

BorisShek · J12934 · commit eadb4f33d488 · 2025-01-28T18:30:38.000+01:00
Add missing delete permissions for ScheduledScans in auto-discovery.
Update `.helmignore` to exclude unused files, reducing Helm container size for local deployments.

Signed-off-by: Boris Shek &lt;boris.shek@iteratec.com&gt;
diff --git a/auto-discovery/kubernetes/.helmignore b/auto-discovery/kubernetes/.helmignore
@@ -15,4 +15,7 @@ main.go
 Makefile
 PROJECT
 auto-discovery-config.yaml
-./tests/
+./tests/
+docs/
+auto-discovery-kubernetes.tar
+pull-secret-extractor/
diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go
@@ -47,7 +47,7 @@ type ContainerAutoDiscoveryTemplateArgs struct {
 }
 
 // +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scantypes,verbs=get;list;watch
-// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="execution.securecodebox.io/status",resources=scheduledscans,verbs=get;update;patch
 // +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=services/status,verbs=get
diff --git a/auto-discovery/kubernetes/controllers/service_scan_controller.go b/auto-discovery/kubernetes/controllers/service_scan_controller.go
@@ -48,7 +48,7 @@ type ServiceAutoDiscoveryTemplateArgs struct {
 const requeueInterval = 5 * time.Second
 
 // +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scantypes,verbs=get;list;watch
-// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="execution.securecodebox.io/status",resources=scheduledscans,verbs=get;update;patch
 // +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=services/status,verbs=get
diff --git a/auto-discovery/kubernetes/templates/rbac/role.yaml b/auto-discovery/kubernetes/templates/rbac/role.yaml
@@ -64,6 +64,7 @@ rules:
   - scheduledscans
   verbs:
   - create
+  - delete
   - get
   - list
   - patch

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ type ContainerAutoDiscoveryTemplateArgs struct {`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scantypes,verbs=get;list;watch`
`50`		`-// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch`
	`50`	`+// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch;delete`
`51`	`51`	`// +kubebuilder:rbac:groups="execution.securecodebox.io/status",resources=scheduledscans,verbs=get;update;patch`
`52`	`52`	`// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch`
`53`	`53`	`// +kubebuilder:rbac:groups="",resources=services/status,verbs=get`
-Original file line number
+Diff line change
   - scheduledscans
   verbs:
   - create
 +  - delete
   - get
   - list
   - patch