Fix delete permissions

Author: yishaynaPalo

charts/konnector/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.5
+version: 1.0.6
 appVersion: "1.0.0"
 maintainers:
   - name: Palo Alto Networks - Cortex KSPM team

charts/konnector/templates/batch.yaml

@@ -49,10 +49,7 @@ spec:
                     echo -e "\033[32mSuccessfully uninstalled {{ .Values.system.K8sManager.ReleaseName }}.\033[0m";
                     exit 0
                   else
-                    echo -e "\033[31mWe attempted to uninstall all related components, but an internal cleanup step failed. \n\
-                          As a result, some resources may not have been fully removed. \n\
-                          To complete the uninstallation manually, please run the following command: \n \
-                          helm uninstall {{ .Values.system.K8sManager.ReleaseName }} --namespace {{ .Release.Namespace }}\033[0m";
+                    echo -e "\033[31mWe attempted to uninstall all related components, but an internal cleanup step failed. \nAs a result, some resources may not have been fully removed. \nTo complete the uninstallation manually, please run the following command: \n helm uninstall {{ .Values.system.K8sManager.ReleaseName }} {{ .Release.Name }} --namespace {{ .Release.Namespace }}\033[0m";
                     exit 1
                   fi
                 else

charts/konnector/values.yaml

@@ -70,7 +70,7 @@ system:
       rules:
         - apiGroups: [""]
           resources: ["secrets"]
-          verbs: ["create", "patch"]
+          verbs: ["create", "patch", "delete"]
     job-manager:
       rules:
         - apiGroups: ["batch"]
@@ -81,30 +81,33 @@ system:
         - apiGroups: ["panw.com"]
           resources: ["panrules"]
           verbs: ["list", "create", "patch", "get", "update", "delete", "watch"]
+
+  # ==========================
+  # Cluster Role Resources
+  # ==========================
+  clusterRoles:
     connector-manager-creator:
       rules:
         - apiGroups: [""]
           resources: ["configmaps", "services", "serviceaccounts"]
-          verbs: ["create", "patch"]
+          verbs: ["create", "patch", "delete"]
         - apiGroups: ["apps"]
           resources: ["deployments"]
-          verbs: ["create", "patch"]
+          verbs: ["create", "patch", "delete"]
         - apiGroups: ["batch"]
           resources: ["cronjobs", "jobs"]
-          verbs: ["create", "patch"]
-
-  # ==========================
-  # Cluster Role Resources
-  # ==========================
-  clusterRoles:
+          verbs: ["create", "patch", "delete"]
+        - apiGroups: ["rbac.authorization.k8s.io"]
+          resources: ["clusterroles", "roles", "rolebindings", "clusterrolebindings"]
+          verbs: ["create", "patch", "delete"]
     cluster-manager:
       rules:
         - apiGroups: ["", "coordination.k8s.io"]
           resources: ["leases", "namespaces", "secrets", "configmaps"]
           verbs: ["get", "update", "patch", "list", "watch"]
         - apiGroups: ["admissionregistration.k8s.io"]
           resources: ["validatingwebhookconfigurations"]
-          verbs: ["update", "list", "watch", "get", "create", "patch"]
+          verbs: ["update", "list", "watch", "get", "create", "patch", "delete"]
     read-inventory:
       rules:
         - apiGroups: [""]
@@ -118,15 +121,15 @@ system:
           verbs: ["get", "list", "watch"]
         - apiGroups: ["rbac.authorization.k8s.io"]
           resources: ["clusterroles", "roles", "rolebindings", "clusterrolebindings"]
-          verbs: ["get", "list", "watch", "create", "patch"]
+          verbs: ["get", "list", "watch"]
         - apiGroups: ["networking.k8s.io"]
           resources: ["networkpolicies", "ingresses"]
           verbs: ["get", "list", "watch"]
     crd-manager:
       rules:
         - apiGroups: ["apiextensions.k8s.io"]
           resources: ["customresourcedefinitions"]
-          verbs: ["create", "get", "patch"]
+          verbs: ["create", "get", "patch", "delete"]
     otel:
       rules:
         - apiGroups: [""]