diff --git a/operator/templates/rbac/cascadingrule_editor_role.yaml b/operator/templates/rbac/cascadingrule_editor_role.yaml
new file mode 100644
index 0000000000..487dcdb21e
--- /dev/null
+++ b/operator/templates/rbac/cascadingrule_editor_role.yaml
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions for end users to edit cascadingrules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cascadingrule-editor-role
+rules:
+ - apiGroups:
+ - cascading.securecodebox.io
+ resources:
+ - cascadingrules
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cascading.securecodebox.io
+ resources:
+ - cascadingrules/status
+ verbs:
+ - get
diff --git a/operator/templates/rbac/cascadingrule_viewer_role.yaml b/operator/templates/rbac/cascadingrule_viewer_role.yaml
new file mode 100644
index 0000000000..7723fd6513
--- /dev/null
+++ b/operator/templates/rbac/cascadingrule_viewer_role.yaml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions for end users to view cascadingrules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cascadingrule-viewer-role
+rules:
+ - apiGroups:
+ - cascading.securecodebox.io
+ resources:
+ - cascadingrules
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cascading.securecodebox.io
+ resources:
+ - cascadingrules/status
+ verbs:
+ - get
diff --git a/operator/templates/rbac/role.yaml b/operator/templates/rbac/role.yaml
index ac5d0c8aa8..c80f66fb95 100644
--- a/operator/templates/rbac/role.yaml
+++ b/operator/templates/rbac/role.yaml
@@ -100,6 +100,14 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+ - execution.securecodebox.io/status
+ resources:
+ - scheduledscans
+ verbs:
+ - get
+ - patch
+ - update
 - apiGroups:
 - rbac.authorization.k8s.io
 resources:
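Review bot: The header comment on `cascadingrule-editor-role` says who the role is for but not how it should be bound, and as a ClusterRole it grants create/patch/delete on `cascadingrules` in every namespace if it is attached with a ClusterRoleBinding. Nothing in this diff binds the role, so the intended scope is left to whoever uses it. I would extend the comment with a line such as `# Intended to be granted per namespace via a RoleBinding; avoid ClusterRoleBinding.` The same applies to `scancompletionhook-editor-role` later in this commit; if hooks and cascading rules influence what the operator runs (their CRDs are not visible here), edit rights on them deserve that explicit scoping note.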
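Review bot: The added rule in `role.yaml` puts the `/status` suffix on the API group (`- execution.securecodebox.io/status`) instead of on the resource, so it names a group that does not match the CRD's group and most likely grants the operator nothing. Subresources belong under `resources`, as the new editor and viewer roles in this commit do with `cascadingrules/status`; the rule should use `- execution.securecodebox.io` under `apiGroups` and `- scheduledscans/status` under `resources`. If this file is generated from kubebuilder RBAC markers, the marker needs the same correction or the mistake will return on regeneration. The `rules:` list starts and continues outside this hunk, so another rule may already cover the status subresource.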
@@ -116,6 +124,5 @@ rules:
 verbs:
 - create
 - get
- - update
 - list
 - watch
diff --git a/operator/templates/rbac/scancompletionhook_editor_role.yaml b/operator/templates/rbac/scancompletionhook_editor_role.yaml
new file mode 100644
index 0000000000..f24ca2b342
--- /dev/null
+++ b/operator/templates/rbac/scancompletionhook_editor_role.yaml
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions for end users to edit scancompletionhooks.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: scancompletionhook-editor-role
+rules:
+ - apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scancompletionhooks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scancompletionhooks/status
+ verbs:
+ - get
diff --git a/operator/templates/rbac/scancompletionhook_viewer_role.yaml b/operator/templates/rbac/scancompletionhook_viewer_role.yaml
new file mode 100644
index 0000000000..5d33eb6c85
--- /dev/null
+++ b/operator/templates/rbac/scancompletionhook_viewer_role.yaml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions for end users to view scancompletionhooks.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: scancompletionhook-viewer-role
+rules:
+ - apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scancompletionhooks
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scancompletionhooks/status
+ verbs:
+ - get