Update cluster-auth-manager permissions (#8)

Signed-off-by: Rokibul Hasan <[email protected]>

charts/cluster-auth-manager/templates/k8s/cluster_role.yaml

@@ -4,14 +4,11 @@ metadata:
   name: cluster-auth-manager
 rules:
   - apiGroups: [""]
-    resources: ["configmaps", "events", "namespace", "secrets"]
+    resources: ["configmaps", "events", "namespaces", "secrets", "serviceaccounts"]
     verbs: ["get", "list", "watch", "create", "update", "delete", "deletecollection", "patch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "list", "watch", "create", "update", "patch"]
-  - apiGroups: ["rbac.authorization.k8s.io"]
-    resources: ["roles", "rolebindings"]
-    verbs: ["get", "list", "watch", "create", "update", "delete"]
   - apiGroups: ["authorization.k8s.io"]
     resources: ["subjectaccessreviews"]
     verbs: ["get", "create"]
@@ -54,3 +51,26 @@ rules:
       - "clustergateways/health"
       - "clustergateways/proxy"
     verbs: [ "*" ]
+  - apiGroups: [ "authorization.k8s.appscode.com" ]
+    resources:
+      - "managedclustersetrolebindings"
+      - "managedclusterrolebindings"
+      - "managedclusterroles"
+    verbs: [ "*" ]
+  - apiGroups: [ "authentication.open-cluster-management.io" ]
+    resources:
+      - "managedserviceaccounts"
+    verbs: [ "*" ]
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+      - roles
+      - rolebindings
+    verbs: [ "*" ]
+  - apiGroups: [ "authentication.k8s.appscode.com" ]
+    resources:
+      - users
+      - groups
+    verbs: [ "*" ]

charts/cluster-auth-manager/templates/k8s/gateway_cluster_role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-gateway-permission
+rules:
+  - apiGroups:
+      - cluster.core.oam.dev
+    resources:
+      - clustergateways/health
+      - clustergateways/proxy
+    verbs:
+      - "*"