[Pending verification] No status when lacking cache permissions

[thetechnick]

If cluster-scoped list & watch permissions are missing for types contained in the bundle image, operator-controller will fail to populate .status.
Intenal error also blocks deletion of ClusterExtension CR, due to non-handling of finalizer teardown.

Log example:

W0918 08:58:27.304878       1 reflector.go:561] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:243: failed to list apps/v1, Kind=Deployment: deployments.apps is forbidden: User "system:serviceaccount:nginx:nginx-install" cannot list resource "deployments" in API group "apps" at the cluster scope
E0918 08:58:27.304923       1 reflector.go:158] "Unhandled Error" err="pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:243: Failed to watch apps/v1, Kind=Deployment: failed to list apps/v1, Kind=Deployment: deployments.apps is forbidden: User \"system:serviceaccount:nginx:nginx-install\" cannot list resource \"deployments\" in API group \"apps\" at the cluster scope" logger="UnhandledError"

[thetechnick]

Could be fixed with #1282

[everettraven]

Would you mind sharing the "version" you ran? If it was a release on GH, which one? if from main, which commit?

[thetechnick]

@everettraven Should have mentioned that directly in the issue description.
Tested with the latest GH release v0.15.0.

[everettraven]

Ah, I think that was cut just before I did a pretty large refactor of our caching logic. Would you mind verifying that you are not seeing this issue if you pull the latest changes from the main branch?

[thetechnick]

Will do o7