From 0256a9164379ea4d02f8cea9d9895c42b50160e0 Mon Sep 17 00:00:00 2001
From: Manish Regmi <manish.regmi@intel.com>
Date: Wed, 3 Jan 2024 12:34:38 -0500
Subject: [PATCH] privileged is not needed for openshift

Remove the privileged section as it is not needed for openshift.

Signed-off-by: Manish Regmi <manish.regmi@intel.com>
---
 deployments/operator/rbac/role.yaml | 2 --
 pkg/controllers/reconciler.go       | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/deployments/operator/rbac/role.yaml b/deployments/operator/rbac/role.yaml
index d1d3c92f9..b38b653c5 100644
--- a/deployments/operator/rbac/role.yaml
+++ b/deployments/operator/rbac/role.yaml
@@ -259,8 +259,6 @@ rules:
   - watch
 - apiGroups:
   - security.openshift.io
-  resourceNames:
-  - privileged
   resources:
   - securitycontextconstraints
   verbs:
diff --git a/pkg/controllers/reconciler.go b/pkg/controllers/reconciler.go
index 83c75f862..7e5903063 100644
--- a/pkg/controllers/reconciler.go
+++ b/pkg/controllers/reconciler.go
@@ -52,7 +52,7 @@ const (
 // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=nodes/proxy,verbs=get;list
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=create
-// +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,resourceNames=privileged,verbs=use
+// +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,verbs=use
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,resourceNames=d1c7b6d5.intel.com,verbs=get;update
 
 // SharedObjectsFactory provides functions for creating service account and cluster rule binding objects.