From 8bc665376ddd2e0ee7dabdbd16c1f6d56f66b89f Mon Sep 17 00:00:00 2001
From: Qing Hao <qhao@redhat.com>
Date: Fri, 5 May 2023 09:48:41 +0800
Subject: [PATCH] update addon-manager permission (#348)

Signed-off-by: haoqing0110 <qhao@redhat.com>
---
 .../hub/cluster-manager-addon-manager-clusterrole.yaml     | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/manifests/cluster-manager/hub/cluster-manager-addon-manager-clusterrole.yaml b/manifests/cluster-manager/hub/cluster-manager-addon-manager-clusterrole.yaml
index 29eb399b2..0b8431f76 100644
--- a/manifests/cluster-manager/hub/cluster-manager-addon-manager-clusterrole.yaml
+++ b/manifests/cluster-manager/hub/cluster-manager-addon-manager-clusterrole.yaml
@@ -24,6 +24,9 @@ rules:
 - apiGroups: [ "addon.open-cluster-management.io" ]
   resources: [ "clustermanagementaddons/finalizers" ]
   verbs: [ "update" ]
+- apiGroups: [ "addon.open-cluster-management.io" ]
+  resources: [ "clustermanagementaddons/status" ]
+  verbs: ["update", "patch"]
 - apiGroups: ["addon.open-cluster-management.io"]
   resources: ["clustermanagementaddons"]
   verbs: ["get", "list", "watch"]
@@ -33,3 +36,7 @@ rules:
 - apiGroups: ["addon.open-cluster-management.io"]
   resources: ["managedclusteraddons/status"]
   verbs: ["update", "patch"]
+# Allow controller to read manifestworks 
+- apiGroups: ["work.open-cluster-management.io"]
+  resources: ["manifestworks"]
+  verbs: ["get", "list", "watch"]