chore(refactor): use rbac package for valid actions (#25456)

Signed-off-by: nitishfy <justnitish06@gmail.com>

pkg/apis/application/v1alpha1/types.go

@@ -2566,15 +2566,14 @@ type ResourceActionParam struct {
 	Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
 }
 
-// TODO: refactor to use rbac.ActionGet, rbac.ActionCreate, without import cycle
 var validActions = map[string]bool{
-	"get":      true,
-	"create":   true,
-	"update":   true,
-	"delete":   true,
-	"sync":     true,
-	"override": true,
-	"*":        true,
+	rbac.ActionGet:      true,
+	rbac.ActionCreate:   true,
+	rbac.ActionUpdate:   true,
+	rbac.ActionDelete:   true,
+	rbac.ActionSync:     true,
+	rbac.ActionOverride: true,
+	"*":                 true,
 }
 
 var validActionPatterns = []*regexp.Regexp{

pkg/apis/application/v1alpha1/types_test.go

@@ -3775,6 +3775,44 @@ func Test_validatePolicy_ValidResource(t *testing.T) {
 	require.Error(t, err)
 }
 
+func TestIsValidAction(t *testing.T) {
+	tests := []struct {
+		name   string
+		action string
+		want   bool
+	}{
+		// validActions direct matches
+		{"ValidGet", "get", true},
+		{"ValidCreate", "create", true},
+		{"ValidUpdate", "update", true},
+		{"ValidDelete", "delete", true},
+		{"ValidSync", "sync", true},
+		{"ValidOverride", "override", true},
+		{"ValidWildcard", "*", true},
+
+		// pattern matches
+		{"MatchActionPattern", "action/foo", true},
+		{"MatchUpdatePattern", "update/bar", true},
+		{"MatchDeletePattern", "delete/baz", true},
+
+		// near matches
+		{"NoMatchActionSuffix", "actionfoo", false},
+		{"NoMatchUpdateSuffix", "updatebar", false},
+		{"NoMatchDeleteSuffix", "deletebaz", false},
+
+		// invalid
+		{"RandomString", "random", false},
+		{"Empty", "", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := isValidAction(tt.action)
+			assert.Equal(t, tt.want, got, "isValidAction(%q)", tt.action)
+		})
+	}
+}
+
 func TestEnvsubst(t *testing.T) {
 	env := Env{
 		&EnvEntry{"foo", "bar"},