From b16cce67355e5d4235bf485b05cf1d4b0476167c Mon Sep 17 00:00:00 2001
From: Maxim Patlasov <mpt@redhat.com>
Date: Thu, 2 Oct 2025 17:59:17 -0700
Subject: [PATCH] Add RBAC rule to let manila-csi-driver-operator manage
 NetworkPolicy in mgmt namespace

The operator needs permissions to publish and monitor NPs in the custom namespace `openshift-manila-csi-driver`. Previous PR (https://github.com/openshift/cluster-storage-operator/pull/615) missed mgmt case.
---
 ...o_v1_role_manila-csi-driver-operator-role.yaml | 12 ++++++++++++
 .../hypershift/mgmt/hypershift_role.patch.yaml    | 15 +++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/assets/csidriveroperators/openstack-manila/hypershift/mgmt/generated/rbac.authorization.k8s.io_v1_role_manila-csi-driver-operator-role.yaml b/assets/csidriveroperators/openstack-manila/hypershift/mgmt/generated/rbac.authorization.k8s.io_v1_role_manila-csi-driver-operator-role.yaml
index 992f9ea2c..5536c309d 100644
--- a/assets/csidriveroperators/openstack-manila/hypershift/mgmt/generated/rbac.authorization.k8s.io_v1_role_manila-csi-driver-operator-role.yaml
+++ b/assets/csidriveroperators/openstack-manila/hypershift/mgmt/generated/rbac.authorization.k8s.io_v1_role_manila-csi-driver-operator-role.yaml
@@ -85,3 +85,15 @@ rules:
   - replicasets
   verbs:
   - get
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - watch
+  - list
+  - get
+  - create
+  - delete
+  - patch
+  - update
diff --git a/assets/csidriveroperators/openstack-manila/hypershift/mgmt/hypershift_role.patch.yaml b/assets/csidriveroperators/openstack-manila/hypershift/mgmt/hypershift_role.patch.yaml
index 3f8ab95eb..1b30e093b 100644
--- a/assets/csidriveroperators/openstack-manila/hypershift/mgmt/hypershift_role.patch.yaml
+++ b/assets/csidriveroperators/openstack-manila/hypershift/mgmt/hypershift_role.patch.yaml
@@ -63,3 +63,18 @@
       - replicasets
     verbs:
       - get
+- op: "add"
+  path: "/rules/-"
+  value:
+    apiGroups:
+      - networking.k8s.io
+    resources:
+      - networkpolicies
+    verbs:
+      - watch
+      - list
+      - get
+      - create
+      - delete
+      - patch
+      - update