From be17d8846af1f1a24691412829ffe79e697d4680 Mon Sep 17 00:00:00 2001
From: Richard Hrmo <rhrmo@redhat.com>
Date: Fri, 31 Oct 2025 11:25:22 +0100
Subject: [PATCH] add vsphere permissions for checking if users is authorized
 to see metrics

---
 assets/csidriveroperators/vsphere/06_clusterrole.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/assets/csidriveroperators/vsphere/06_clusterrole.yaml b/assets/csidriveroperators/vsphere/06_clusterrole.yaml
index 7a3bad8cd..d7d3d9c83 100644
--- a/assets/csidriveroperators/vsphere/06_clusterrole.yaml
+++ b/assets/csidriveroperators/vsphere/06_clusterrole.yaml
@@ -343,10 +343,16 @@ rules:
   - update
   - patch
   - delete
-# Allow kube-rbac-proxy to create TokenReview to be able to authenticate Prometheus when collecting metrics
+# Allow kube-rbac-proxy to create TokenReview and SubjectAccessReview to be able to authenticate Prometheus when collecting metrics
 - apiGroups:
   - "authentication.k8s.io"
   resources:
   - "tokenreviews"
   verbs:
   - "create"
+- apiGroups:
+  - "authorization.k8s.io"
+  resources:
+  - "subjectaccessreviews"
+  verbs:
+  - "create"