apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: manager-role
rules:
##
## Base operator rules
##
# We need to get namespaces so the operator can read namespaces to ensure they exist
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
# We need to manage Helm release secrets
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - "*"
# We need to create events on CRs about things happening during reconciliation
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create

##
## Rules for charts.my.domain/v1alpha1, Kind: OpenshiftPipelines
##
- apiGroups:
  - charts.my.domain
  resources:
  - openshiftpipelines
  - openshiftpipelines/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- verbs:
  - "*"
  apiGroups:
  - "rbac.authorization.k8s.io"
  resources:
  - "clusterrolebindings"
  - "clusterroles"
- verbs:
  - "*"
  apiGroups:
  - "apps"
  resources:
  - "statefulsets"
- verbs:
  - "*"
  apiGroups:
  - ""
  resources:
  - "configmaps"
  - "secrets"
  - "serviceaccounts"
  - "services"
- verbs:
  - "*"
  apiGroups:
  - "rbac.authorization.k8s.io"
  resources:
  - "rolebindings"
  - "roles"

# +kubebuilder:scaffold:rules