Generate RBAC role directly into Chart template, adapt hardcoded path.

[notandy]

helmify before did convert the controller-gen generated rbac role to
helm, but now we can just use it directly in the charts. Seperated out
the rbac role.
Should work as before.

Summary by CodeRabbit

• Chores
  • Renamed the operator manager role for clearer naming and consistency.
  • Reorganized RBAC templates and moved RBAC outputs into the chart templates for packaging.
  • Added a cluster-level role binding template and removed duplicate role/binding entries to avoid conflicts.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9242b863-9d5c-4bb5-882a-aab29f96c983

📥 Commits

Reviewing files that changed from the base of the PR and between 3431758 and 4357756.

📒 Files selected for processing (5)

• Makefile
• Makefile.maker.yaml
• charts/openstack-hypervisor-operator/templates/manager-clusterrolebinding.yaml
• charts/openstack-hypervisor-operator/templates/manager-rbac.yaml
• charts/openstack-hypervisor-operator/templates/role.yaml

---

📝 Walkthrough

Walkthrough

This PR reorganizes RBAC generation and Helm templates: controller-gen now emits RBAC artifacts into the chart templates directory and uses role name hypervisor-operator-manager-role; the ClusterRole name was updated, a dedicated ClusterRoleBinding template was added, and the previous combined manager RBAC file was removed.

Changes

RBAC Configuration Refactoring

Layer / File(s)	Summary
Build Configuration Makefile, Makefile.maker.yaml	controller-gen invocation updated to rbac:roleName=hypervisor-operator-manager-role and rbacOutputPath=charts/openstack-hypervisor-operator/templates.
Role Name Change charts/openstack-hypervisor-operator/templates/role.yaml	ClusterRole.metadata.name changed to hypervisor-operator-manager-role (rules unchanged).
Remove Legacy Combined RBAC charts/openstack-hypervisor-operator/templates/manager-rbac.yaml	Deleted legacy file that contained the previous ClusterRole and ClusterRoleBinding definitions (nodes, deployments, cert-manager, kvm.cloud.sap resources, PDBs, etc.).
Add Binding Template charts/openstack-hypervisor-operator/templates/manager-clusterrolebinding.yaml	New Helm template adding a ClusterRoleBinding that binds hypervisor-operator-manager-role to the operator ServiceAccount in the release namespace with chart labels.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• cobaltcore-dev/openstack-hypervisor-operator#299: Makes the same controller-gen and RBAC template changes (role rename, output path, removal/addition of RBAC templates).
• cobaltcore-dev/openstack-hypervisor-operator#273: Updated generated artifact paths from config/* to charts/openstack-hypervisor-operator/*, related to RBAC/CRD output location alignment.

Suggested reviewers

• toanju
• felix-kaestner
• fwiesel

Poem

I hopped through templates, neatly aligned,
A role renamed, its bindings defined.
Charts tidy now, with labels in place,
The operator dances—what a happy case! 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: moving RBAC role generation directly into chart templates and adapting paths, which aligns with the changeset's core purpose.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch generate-rbac

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}