From 61900b4db303e1b02e96139b3f7a4341e09c1c7a Mon Sep 17 00:00:00 2001
From: Josh Lineaweaver
Date: Wed, 23 Oct 2024 13:51:33 -0600
Subject: [PATCH] [Orch] Add additional permissions for operator to view CRDs
When using the Operator, we need additional permissions for CRDs. We need to allow the cluster agent to view these custom resources and in order to do that the operator needs permission to see them. This is currently disabled by default
---
 .../datadog-operator/templates/clusterrole.yaml | 17 ++++++++++++++++-
 charts/datadog-operator/values.yaml | 5 +++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml
index 1b90e330a..b06ec0a29 100644
--- a/charts/datadog-operator/templates/clusterrole.yaml
+++ b/charts/datadog-operator/templates/clusterrole.yaml
@@ -794,5 +794,20 @@ rules:
 - patch
 - update
 {{- end }}
+{{- if .Values.orchestratorExplorer.listAndWatchAll }}
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - list
+ - watch
+{{- end }}
 {{- end }}
-
diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml
index fbd4339e9..8064bfc49 100644
--- a/charts/datadog-operator/values.yaml
+++ b/charts/datadog-operator/values.yaml
@@ -190,3 +190,8 @@ livenessProbe:
 # timeoutSeconds: 1
 # successThreshold: 1
 # failureThreshold: 3
+
+# orchestratorExplorer -- Set specific configuration for orchestratorExplorer in the operator
+orchestratorExplorer:
+ #listAndWatchAll is required to allow the operator to view all custom resources
+ listAndWatchAll: false
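Review bot: The rule added under `{{- if .Values.orchestratorExplorer.listAndWatchAll }}` grants `list` and `watch` on `'*'` resources in `'*'` API groups, which is much wider than the custom resources the commit message describes: in a ClusterRole it also covers core `secrets`, and a `list` on secrets returns their data. Consider naming the API groups of the custom resources to be collected instead of `'*'`, or at least putting a template comment above the rule such as `# grants cluster-wide list/watch on every resource, including secrets`. The rule also appears twice verbatim; the second `- apiGroups:` … `- watch` block adds nothing and can be dropped. The `rules:` list and the outer conditional closed by the final `{{- end }}` both start outside this hunk.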
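Review bot: The comment on `listAndWatchAll` understates what the flag does: per the clusterrole.yaml hunk in this patch it enables `list`/`watch` on every resource in every API group, not only custom resources. Suggested wording, following the `# key -- description` form used on the line above it: `# orchestratorExplorer.listAndWatchAll -- Grant the operator list/watch on all resources in all API groups (includes Secrets); needed for custom resource collection`. Keeping the default at `false` is appropriate for a permission this broad.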