fix: New ClusterRole service-binding-provisioned-services, updated …

…label selectors (#239) * New ClusterRole service-binding-provisioned-services, updated existing roles Signed-off-by: Rashed Kamal <krashed@vmware.com>
vmware-tanzu · Jun 9, 2022 · 0310eac · 0310eac
1 parent 7f1139f
commit 0310eac
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml
@@ -9,6 +9,8 @@ metadata:
     bindings.labs.vmware.com/release: devel
 aggregationRule:
   clusterRoleSelectors:
+  - matchLabels:
+      bindings.labs.vmware.com/admin: "true"
   - matchLabels:
       servicebinding.io/controller: "true"
   # legacy support
@@ -22,7 +24,7 @@ metadata:
   name: service-binding-core
   labels:
     bindings.labs.vmware.com/release: devel
-    servicebinding.io/controller: "true"
+    bindings.labs.vmware.com/admin: "true"
 rules:
   - apiGroups: [""]
     resources: ["configmaps", "services", "secrets", "events", "namespaces"]
@@ -46,7 +48,7 @@ metadata:
   name: service-binding-crd
   labels:
     bindings.labs.vmware.com/release: devel
-    servicebinding.io/controller: "true"
+    bindings.labs.vmware.com/admin: "true"
 rules:
   - apiGroups: ["servicebinding.io"]
     resources: ["*"]
@@ -100,3 +102,14 @@ rules:
 - apiGroups: ["servicebinding.io"]
   resources: ["servicebindings"]
   verbs: ["get","list","watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: service-binding-provisioned-services
+  labels:
+    servicebinding.io/controller: "true"
+rules:
+- apiGroups: ["bindings.labs.vmware.com"]
+  resources: ["provisionedservices"]
+  verbs: ["get","list","watch"]