SSA requires delete permission for controller ref

[adam-cattermole]

With server-side-apply the k8s API server validates the operator has permissions to delete the resource when it sets controller reference on an object. Without SSA, the operator could still set controller ref and trigger cascading deletion implicitly without the RBAC, but the SSA security model is stricter and requires explicit permission in OCP

[adam-cattermole]

Tests are failing as GCS bucket access has been revoked for the envtest version for controller-runtime v0.16..

[adam-cattermole]

Looks like there would be quite a few changes to upgrade from such an old version of controller-runtime to a newer one - for now I've pinned the version of envtest to a newer version and we can create a follow on to update controller-runtime and unpin

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.20%. Comparing base (5a32c4c) to head (3e32377).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #295   +/-   ##
=======================================
  Coverage   57.20%   57.20%           
=======================================
  Files          13       13           
  Lines        1458     1458           
=======================================
  Hits          834      834           
  Misses        529      529           
  Partials       95       95           

Flag	Coverage Δ
unit	57.20% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[didierofrivia]

🦭