Merge pull request #659 from kubevirt-bot/cherry-pick-622-to-release-…

…v0.18

[release-v0.18] chore: Audit template validator RBAC rules.

config/rbac/role.yaml

@@ -268,7 +268,6 @@ rules:
   resources:
   - virtualmachines
   verbs:
-  - get
   - list
   - watch
 - apiGroups:

data/olm-catalog/ssp-operator.clusterserviceversion.yaml

@@ -329,7 +329,6 @@ spec:
           resources:
           - virtualmachines
           verbs:
-          - get
           - list
           - watch
         - apiGroups:

internal/operands/template-validator/reconcile.go

@@ -19,8 +19,8 @@ import (
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 
 // RBAC for created roles
-// +kubebuilder:rbac:groups=template.openshift.io,resources=templates,verbs=get;list;watch
-// +kubebuilder:rbac:groups=kubevirt.io,resources=virtualmachines,verbs=get;list;watch
+// +kubebuilder:rbac:groups=template.openshift.io,resources=templates,verbs=list;watch
+// +kubebuilder:rbac:groups=kubevirt.io,resources=virtualmachines,verbs=list;watch
 
 func WatchTypes() []operands.WatchType {
 	return []operands.WatchType{

internal/operands/template-validator/resources.go

@@ -62,11 +62,11 @@ func newClusterRole() *rbac.ClusterRole {
 		Rules: []rbac.PolicyRule{{
 			APIGroups: []string{templatev1.GroupName},
 			Resources: []string{"templates"},
-			Verbs:     []string{"get", "list", "watch"},
+			Verbs:     []string{"list", "watch"},
 		}, {
 			APIGroups: []string{kubevirt.GroupName},
 			Resources: []string{"virtualmachines"},
-			Verbs:     []string{"get", "list", "watch"},
+			Verbs:     []string{"list", "watch"},
 		}},
 	}
 }