Bug 2223775

Summary: global permission found for ssp operator in cnv csv.spec.install.spec.clusterPermissions
Product: Container Native Virtualization (CNV) Reporter: Debarati Basu-Nag <dbasunag>
Component: InfrastructureAssignee: Javier Cano Cano <jcanocan>
Status: NEW --- QA Contact: Geetika Kapoor <gkapoor>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.14.0   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
ssp operator rules none

Description Debarati Basu-Nag 2023-07-18 20:18:09 UTC 
Created attachment 1976389 [details]
ssp operator rules

Description of problem: With CNV-v4.14.0.rhel9-1274, for ssp operator we are seeing global permission set for multiple rules. Since https://issues.redhat.com/browse/CNV-24031 is now closed, opening this bug to track the current failures.


Version-Release number of selected component (if applicable):
CNV-v4.14.0.rhel9-1274

How reproducible:
100%

Steps to Reproduce:
1. Check csv.spec.install.spec.clusterPermissions for ssp-operator
2.
3.

Actual results:
================
- apiGroups:
  - '*'
  resources:
  - persistentvolumeclaims
  verbs:
  - '*'
- apiGroups:
  - '*'
  resources:
  - secrets
  verbs:
  - '*'
- apiGroups:
  - cdi.kubevirt.io
  resources:
  - datavolumes
  verbs:
  - '*'
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - kubevirt.io
  resources:
  - virtualmachines/finalizers
  verbs:
  - '*'
===============

Expected results:
No global permission for ssp operator should be present.

Additional info: