From 492320880c7b06b26d843d8bbe03214cdcbef4c7 Mon Sep 17 00:00:00 2001
From: gabemontero <gmontero@redhat.com>
Date: Wed, 25 Aug 2021 18:25:27 -0400
Subject: [PATCH] add tektonconfig rbac; make bundle

---
 .../operator.clusterserviceversion.yaml         | 12 ++++++++++++
 config/rbac/kustomization.yaml                  |  2 ++
 config/rbac/tektonconfig_operator_role.yaml     | 17 +++++++++++++++++
 .../rbac/tektonconfig_operator_rolebinding.yaml | 12 ++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 config/rbac/tektonconfig_operator_role.yaml
 create mode 100644 config/rbac/tektonconfig_operator_rolebinding.yaml

diff --git a/bundle/manifests/operator.clusterserviceversion.yaml b/bundle/manifests/operator.clusterserviceversion.yaml
index 016cb95a..c6781be3 100644
--- a/bundle/manifests/operator.clusterserviceversion.yaml
+++ b/bundle/manifests/operator.clusterserviceversion.yaml
@@ -215,6 +215,18 @@ spec:
           - subjectaccessreviews
           verbs:
           - create
+        - apiGroups:
+          - operator.tekton.dev
+          resources:
+          - tektonconfigs
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         serviceAccountName: default
       deployments:
       - name: operator-controller-manager
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 66c28338..4f70b41e 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -3,6 +3,8 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- tektonconfig_operator_role.yaml
+- tektonconfig_operator_rolebinding.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.
diff --git a/config/rbac/tektonconfig_operator_role.yaml b/config/rbac/tektonconfig_operator_role.yaml
new file mode 100644
index 00000000..4c6f07d0
--- /dev/null
+++ b/config/rbac/tektonconfig_operator_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tektonconfig-operator-role
+rules:
+  - apiGroups:
+      - operator.tekton.dev
+    resources:
+      - tektonconfigs
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
diff --git a/config/rbac/tektonconfig_operator_rolebinding.yaml b/config/rbac/tektonconfig_operator_rolebinding.yaml
new file mode 100644
index 00000000..5c4b5e7f
--- /dev/null
+++ b/config/rbac/tektonconfig_operator_rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tektonconfig-operator-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tektonconfig-operator-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: system