From 9736ad85efbc36789922d6dfec66298b8672eb66 Mon Sep 17 00:00:00 2001
From: Tamal Saha <tamal@appscode.com>
Date: Sat, 23 Jan 2021 00:33:40 -0800
Subject: [PATCH] Add permission to add finalizers on custom resoures (#226)

xref: https://sdk.operatorframework.io/docs/faqs/#i-keep-hitting-errors-like-is-forbidden-cannot-set-blockownerdeletion-if-an-ownerreference-refers-to-a-resource-you-cant-set-finalizers-on-how-do-i-fix-this

Signed-off-by: Tamal Saha <tamal@appscode.com>
---
 .../templates/cluster-role.yaml               | 15 ++++++++++++
 .../templates/cluster-role.yaml               | 24 +++++++++++++------
 charts/kubedb/templates/cluster-role.yaml     | 16 ++++++++++++-
 3 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/charts/kubedb-autoscaler/templates/cluster-role.yaml b/charts/kubedb-autoscaler/templates/cluster-role.yaml
index 614a82830..e83ea451b 100644
--- a/charts/kubedb-autoscaler/templates/cluster-role.yaml
+++ b/charts/kubedb-autoscaler/templates/cluster-role.yaml
@@ -24,6 +24,21 @@ rules:
   resources:
   - "*"
   verbs: ["*"]
+- apiGroups:
+  - autoscaling.kubedb.com
+  resources:
+  - elasticsearchautoscalers/finalizers
+  - etcdautoscalers/finalizers
+  - mariadbautoscalers/finalizers
+  - memcachedautoscalers/finalizers
+  - mongodbautoscalers/finalizers
+  - mysqlautoscalers/finalizers
+  - perconaxtradbautoscalers/finalizers
+  - pgbouncerautoscalers/finalizers
+  - postgresautoscalers/finalizers
+  - proxysqlautoscalers/finalizers
+  - redisautoscalers/finalizers
+  verbs: ["update"]
 - apiGroups:
   - ""
   resources:
diff --git a/charts/kubedb-enterprise/templates/cluster-role.yaml b/charts/kubedb-enterprise/templates/cluster-role.yaml
index 997a5d342..fb3c2680e 100644
--- a/charts/kubedb-enterprise/templates/cluster-role.yaml
+++ b/charts/kubedb-enterprise/templates/cluster-role.yaml
@@ -48,16 +48,26 @@ rules:
   resources:
   - "*"
   verbs: ["*"]
+- apiGroups:
+  - ops.kubedb.com
+  resources:
+  - elasticsearchopsrequests/finalizers
+  - etcdopsrequests/finalizers
+  - mariadbopsrequests/finalizers
+  - memcachedopsrequests/finalizers
+  - mongodbopsrequests/finalizers
+  - mysqlopsrequests/finalizers
+  - perconaxtradbopsrequests/finalizers
+  - pgbounceropsrequests/finalizers
+  - postgresopsrequests/finalizers
+  - proxysqlopsrequests/finalizers
+  - redisopsrequests/finalizers
+  verbs: ["update"]
 - apiGroups:
   - cert-manager.io
   resources:
-  - certificates
-  - certificates/status
-  - issuers
-  - clusterissuers
-  - challenges
-  - orders
-  verbs: ["get", "list", "create", "delete", "patch", "update", "watch"]
+  - "*"
+  verbs: ["*"]
 - apiGroups:
   - ""
   resources:
diff --git a/charts/kubedb/templates/cluster-role.yaml b/charts/kubedb/templates/cluster-role.yaml
index c4724b24e..36b608542 100644
--- a/charts/kubedb/templates/cluster-role.yaml
+++ b/charts/kubedb/templates/cluster-role.yaml
@@ -87,10 +87,24 @@ rules:
 - apiGroups:
   - kubedb.com
   - catalog.kubedb.com
-  - authorization.kubedb.com
   resources:
   - "*"
   verbs: ["*"]
+- apiGroups:
+  - kubedb.com
+  resources:
+  - elasticsearches/finalizers
+  - etcds/finalizers
+  - mariadbs/finalizers
+  - memcacheds/finalizers
+  - mongodbs/finalizers
+  - mysqls/finalizers
+  - perconaxtradbs/finalizers
+  - pgbouncers/finalizers
+  - postgreses/finalizers
+  - proxysqls/finalizers
+  - redises/finalizers
+  verbs: ["update"]
 - apiGroups:
   - appcatalog.appscode.com
   resources: