Update hub RBAC to include Placement finalizer "update"

As per [1] when setting owner references to a resource and
specifically while setting blockOwnerDeletion to true, an
RBAC to update the finalizer of the resource set as the owner
is required.

This commit adds the required RBAC for the same.

[1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement

Signed-off-by: Shyamsundar Ranganathan <[email protected]>
(cherry picked from commit 11b7729)

config/hub/rbac/role.yaml

@@ -99,6 +99,12 @@ rules:
   - list
   - update
   - watch
+- apiGroups:
+  - cluster.open-cluster-management.io
+  resources:
+  - placements/finalizers
+  verbs:
+  - update
 - apiGroups:
   - policy.open-cluster-management.io
   resources:

config/rbac/role.yaml

@@ -103,7 +103,14 @@ rules:
   verbs:
   - get
   - list
+  - update
   - watch
+- apiGroups:
+  - cluster.open-cluster-management.io
+  resources:
+  - placements/finalizers
+  verbs:
+  - update
 - apiGroups:
   - ""
   resources:

controllers/drplacementcontrol_controller.go

@@ -566,7 +566,8 @@ func (r *DRPlacementControlReconciler) SetupWithManager(mgr ctrl.Manager) error
 // +kubebuilder:rbac:groups=core,resources=events,verbs=get;create;patch;update
 // +kubebuilder:rbac:groups=cluster.open-cluster-management.io,resources=placementdecisions,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=cluster.open-cluster-management.io,resources=placementdecisions/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=cluster.open-cluster-management.io,resources=placements,verbs=get;list;watch
+// +kubebuilder:rbac:groups=cluster.open-cluster-management.io,resources=placements,verbs=get;list;watch;update
+// +kubebuilder:rbac:groups=cluster.open-cluster-management.io,resources=placements/finalizers,verbs=update
 // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets,verbs=get;list;watch
 // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete