rbac: Audit * verbs of kubevirt-tekton-tasks

[jcanocan]

What this PR does / why we need it:
It drops * verbs of tekton tasks. For this purpose, the process followed is:

• Drop all tekton tasks permissions using * verbs.
• Run unit tests.
• Add required permissions.
• Run functional tests.
• Add required permissions.

The auditing process has been split in the next action items:

• Deploying the operator in a CRC cluster and running the unit and function test.
• Deploying the operator in a 3 masters and 3 workers nodes and running the unit and functional tests.

This process ensures that only strictly required permissions are added.

jira-ticket: CNV-24031

Which issue(s) this PR fixes:

Fixes # https://bugzilla.redhat.com/show_bug.cgi?id=2223775

Special notes for your reviewer:

Release note:

Replace `*`  tekton tasks verbs by individual verbs

[jcanocan]

/hold
This PR need to be merged first: kubevirt/kubevirt-tekton-tasks#259

[akrejcir]

Can you change the groups=* to groups=core everywhere?

[jcanocan]

Done. There are another files where groups=* or groups="" are used. I think this should be tackled in a follow-up PR.

[akrejcir]

/lgtm
/approve

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akrejcir

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [akrejcir]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codingben]

Hi, I already did the same change and changed groups to core in #641, but your PR also changes verbs which is good. Thanks :)

[jcanocan]

Yeah, I did it following your advice. So I'm the one should thank you 😊 In a follow-up, I plan to review all groups and switch them to core.

[jcanocan]

/retest-required

[jcanocan]

/hold cancel

[ksimon1]

/retest

[jcanocan]

/retest

[jcanocan]

/retest

[0xFelix]

/lgtm

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[0xFelix]

/lgtm

[jcanocan]

/retest-required

[jcanocan]

/cherry-pick release-v0.18

[kubevirt-bot]

@jcanocan: #684 failed to apply on top of branch "release-v0.18":

Applying: rbac: Audit `*` verbs from kubevirt-tekton-tasks
Using index info to reconstruct a base tree...
M	config/rbac/role.yaml
M	data/olm-catalog/ssp-operator.clusterserviceversion.yaml
A	internal/operands/tekton-tasks/reconcile.go
Falling back to patching base and 3-way merge...
Auto-merging internal/operands/tekton-tasks/tekton-tasks.go
CONFLICT (content): Merge conflict in internal/operands/tekton-tasks/tekton-tasks.go
Auto-merging data/olm-catalog/ssp-operator.clusterserviceversion.yaml
CONFLICT (content): Merge conflict in data/olm-catalog/ssp-operator.clusterserviceversion.yaml
Auto-merging config/rbac/role.yaml
CONFLICT (content): Merge conflict in config/rbac/role.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 rbac: Audit `*` verbs from kubevirt-tekton-tasks
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-v0.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.