From 8a2a755f1d4554ecb776a0815e0e8cf4c9e04e01 Mon Sep 17 00:00:00 2001
From: Arun Kumar Mohan <amohan@redhat.com>
Date: Wed, 13 Dec 2023 17:43:32 +0530
Subject: [PATCH] Add 'persistentvolumeclaims' access permission for exporter

Following error messages are logged in ocs-metrics-exporter pod,

```
Failed to watch *v1.PersistentVolume: unable to sync list result:
failed to get node name for pod: failed to get PVC openshift-storage/db-noobaa-db-pg-0:
persistentvolumeclaims "db-noobaa-db-pg-0" is forbidden:
User "system:serviceaccount:openshift-storage:ocs-metrics-exporter" cannot get
resource "persistentvolumeclaims" in API group "" in the namespace "openshift-storage"
```

```
Failed to watch *v1.PersistentVolume: unable to sync list result:
failed to get node name for pod:
failed to list pods in namespace openshift-storage: pods is forbidden:
User "system:serviceaccount:openshift-storage:ocs-metrics-exporter" cannot list
resource "pods" in API group "" in the namespace "openshift-storage"
```

Adding resources, 'persistentvolumeclaims' and 'pods', to the existing roles.

Signed-off-by: Arun Kumar Mohan <amohan@redhat.com>
---
 controllers/storagecluster/exporter.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/storagecluster/exporter.go b/controllers/storagecluster/exporter.go
index 5850c6b8a2..300e1e875c 100644
--- a/controllers/storagecluster/exporter.go
+++ b/controllers/storagecluster/exporter.go
@@ -597,7 +597,7 @@ const expectedMetricExporterRoleJSON = `
 	"rules":[
 		{
 			"apiGroups":[""],
-			"resources":["secrets","configmaps"],
+			"resources":["secrets","configmaps","persistentvolumeclaims","pods"],
 			"verbs":["get","list","watch"]
 		},
 		{