fix:(issue #671) : By replace * per verbs in order to solve the issue…

… and make clear the permissions used.

**Description of the change:**

- replace * per verbs in order to solve the issue and make clear the permissions used.

**Motivation for the change:**

Closes #671

CHANGELOG.md

@@ -13,6 +13,7 @@
 - Replace in the Ansible based operators module tests `k8s_info` for `k8s_facts` which is deprecated. ([#2168](https://github.com/operator-framework/operator-sdk/issues/2168))
 - Upgrade the Ansible version from `2.8` to `2.9` on the Ansible based operators image. ([#2168](https://github.com/operator-framework/operator-sdk/issues/2168))
 - Updated CRD generation for non-Go operators to use valid structural schema. ([#2275](https://github.com/operator-framework/operator-sdk/issues/2275))
+- Replace Role verb `"*"` with list of verb strings in generated files so the Role is compatible with OpenShift and Kubernetes. ([#2175](https://github.com/operator-framework/operator-sdk/pull/2175))
 
 ### Deprecated
 

internal/scaffold/role.go

@@ -86,7 +86,15 @@ func UpdateRoleForResource(r *Resource, absProjectPath string) error {
 			// Using "*" to allow access to the resource and all its subresources e.g "memcacheds" and "memcacheds/finalizers"
 			// https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
 			pr.Resources = []string{"*"}
-			pr.Verbs = []string{"*"}
+			pr.Verbs = []string{
+				"create",
+				"delete",
+				"get",
+				"list",
+				"patch",
+				"update",
+				"watch",
+			}
 			role.Rules = append(role.Rules, *pr)
 		}
 
@@ -116,7 +124,15 @@ func UpdateRoleForResource(r *Resource, absProjectPath string) error {
 			// Using "*" to allow access to the resource and all its subresources e.g "memcacheds" and "memcacheds/finalizers"
 			// https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
 			pr.Resources = []string{"*"}
-			pr.Verbs = []string{"*"}
+			pr.Verbs = []string{
+				"create",
+				"delete",
+				"get",
+				"list",
+				"patch",
+				"update",
+				"watch",
+			}
 			role.Rules = append(role.Rules, *pr)
 		}
 
@@ -164,7 +180,13 @@ rules:
   - configmaps
   - secrets
   verbs:
-  - "*"
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -173,7 +195,13 @@ rules:
   - replicasets
   - statefulsets
   verbs:
-  - "*"
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 {{- end }}
 {{- range .CustomRules }}
 - verbs:

internal/scaffold/role_test.go

@@ -56,7 +56,15 @@ func TestRoleCustomRules(t *testing.T) {
 			{
 				APIGroups: []string{"policy"},
 				Resources: []string{"poddisruptionbudgets"},
-				Verbs:     []string{rbacv1.VerbAll},
+				Verbs: []string{
+					"create",
+					"delete",
+					"get",
+					"list",
+					"patch",
+					"update",
+					"watch",
+				},
 			},
 			{
 				APIGroups: []string{"rbac.authorization.k8s.io"},
@@ -91,7 +99,13 @@ rules:
   - configmaps
   - secrets
   verbs:
-  - "*"
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -100,7 +114,13 @@ rules:
   - replicasets
   - statefulsets
   verbs:
-  - "*"
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - monitoring.coreos.com
   resources:
@@ -148,7 +168,13 @@ rules:
   - configmaps
   - secrets
   verbs:
-  - "*"
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -157,7 +183,13 @@ rules:
   - replicasets
   - statefulsets
   verbs:
-  - "*"
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - monitoring.coreos.com
   resources:
@@ -194,7 +226,13 @@ metadata:
   name: app-operator
 rules:
 - verbs:
-  - "*"
+  - "create"
+  - "delete"
+  - "get"
+  - "list"
+  - "patch"
+  - "update"
+  - "watch"
   apiGroups:
   - "policy"
   resources: