RFE-7373 | feat: add permissions to delete ClusterSync(leases)

[andreadecorte]

As currently (Selector)SyncSet doesn't watch for secrets listed in Spec.SecretMappings, as a workaround we can delete the ClusterSyncLease for the CD to trigger a refresh of the secrets in case of need.

This commit adds the relevant permission to allow this flow.

Summary by CodeRabbit

• Chores
  • Updated permissions for cluster synchronization resource management to include deletion operations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b4261b5a-f85c-44bd-90dc-52b7f91c41ef

📥 Commits

Reviewing files that changed from the base of the PR and between a5d0850 and a5964e4.

📒 Files selected for processing (2)

• config/rbac/hive_frontend_role.yaml
• pkg/operator/assets/bindata.go

---

Walkthrough

Adds the delete verb to hiveinternal.openshift.io resources (clustersyncs and clustersyncleases) within the hive_frontend RBAC role. The change appears in both the source configuration file and its embedded binary representation.

Changes

Cohort / File(s)	Summary
RBAC Permission Updates config/rbac/hive_frontend_role.yaml, pkg/operator/assets/bindata.go	Adds delete verb to hiveinternal.openshift.io resource permissions for clustersyncs and clustersyncleases in the hive_frontend ClusterRole.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly summarizes the main change: adding delete permissions for ClusterSync and ClusterSyncLease resources, which matches the changeset.
Stable And Deterministic Test Names	✅ Passed	The pull request contains only configuration file changes (RBAC YAML and generated bindata file) with no Ginkgo test code modifications, making the custom test naming check not applicable.
Test Structure And Quality	✅ Passed	The pull request does not modify any Ginkgo test files. The PR only changes RBAC configuration and auto-generated code, so the test quality check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

@andreadecorte: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 50.30%. Comparing base (a5d0850) to head (a5964e4).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2864   +/-   ##
=======================================
  Coverage   50.30%   50.30%           
=======================================
  Files         280      280           
  Lines       34309    34309           
=======================================
  Hits        17258    17258           
  Misses      15690    15690           
  Partials     1361     1361           

Files with missing lines	Coverage Δ
pkg/operator/assets/bindata.go	0.00% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[2uasimojo]

Sane.

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 2uasimojo, andreadecorte

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [2uasimojo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment