OCPBUGS-78291: Allow azure-disk operator to read VolumeAttributeClasses

[jsafrane]

The driver supports volume modification and thus the operator need to be able to read VACs to grant these permissions to the driver sidecars.

cc @openshift/storage

[openshift-ci-robot]

@jsafrane: This pull request references Jira Issue OCPBUGS-78291, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The driver supports volume modification and thus the operator need to be able to read VACs to grant these permissions to the driver sidecars.

cc @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ed5dafa7-c94d-4ad3-a22a-ecd39e1e09f8

📥 Commits

Reviewing files that changed from the base of the PR and between f7b0b15 and 452ad9a.

⛔ Files ignored due to path filters (2)

• assets/csidriveroperators/azure-disk/hypershift/guest/generated/rbac.authorization.k8s.io_v1_clusterrole_azure-disk-csi-driver-operator-clusterrole.yaml is excluded by !**/generated/**
• assets/csidriveroperators/azure-disk/standalone/generated/rbac.authorization.k8s.io_v1_clusterrole_azure-disk-csi-driver-operator-clusterrole.yaml is excluded by !**/generated/**

📒 Files selected for processing (1)

• assets/csidriveroperators/azure-disk/base/06_clusterrole.yaml

---

Walkthrough

A new permission rule is added to the Azure Disk CSI driver operator's ClusterRole, granting get, list, and watch access to the volumeattributesclasses resource under the storage.k8s.io API group.

Changes

Cohort / File(s)	Summary
Kubernetes RBAC Permission assets/csidriveroperators/azure-disk/base/06_clusterrole.yaml	Added new ClusterRole rule granting get, list, and watch permissions for volumeattributesclasses resource under storage.k8s.io API group.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use TruffleHog to scan for secrets in your code with verification capabilities.

Add a TruffleHog config file (e.g. trufflehog-config.yml, trufflehog.yml) to your project to customize detectors and scanning behavior. The tool runs only when a config file is present.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jsafrane]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gnufied]

/lgtm

[duanwei33]

The permission has been added into the clusterrole.
/verified by @duanwei33

[openshift-ci-robot]

@duanwei33: This PR has been marked as verified by @duanwei33.

Details

In response to this:

The permission has been added into the clusterrole.
/verified by @duanwei33

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jsafrane: Jira Issue OCPBUGS-78291: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

• openshift/csi-operator#525 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-78291 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Details

In response to this:

The driver supports volume modification and thus the operator need to be able to read VACs to grant these permissions to the driver sidecars.

cc @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[duanwei33]

@radeore Do we need to verify the volume modifications feature here as well?

BTW, I think we need openshift/csi-operator#525 as well