diff --git a/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml b/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml index 84f221003c..2049532be6 100644 --- a/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml +++ b/helm/olmv1/templates/rbac/clusterrole-operator-controller-manager-role.yml @@ -72,4 +72,37 @@ rules: verbs: - use {{- end }} + {{- if has "BoxcutterRuntime" .Values.options.operatorController.features.enabled }} + - apiGroups: + - "*" + resources: + - "*" + verbs: + - list + - watch + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions/status + verbs: + - patch + - update + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions/finalizers + verbs: + - update + {{- end }} {{- end }} diff --git a/helm/olmv1/templates/rbac/clusterrolebinding-operator-controller-manager-rolebinding.yml b/helm/olmv1/templates/rbac/clusterrolebinding-operator-controller-manager-rolebinding.yml index 9817337dff..5d1beeb57c 100644 --- a/helm/olmv1/templates/rbac/clusterrolebinding-operator-controller-manager-rolebinding.yml +++ b/helm/olmv1/templates/rbac/clusterrolebinding-operator-controller-manager-rolebinding.yml @@ -16,11 +16,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole -{{- if has "BoxcutterRuntime" .Values.options.operatorController.features.enabled }} - name: cluster-admin -{{- else }} name: operator-controller-manager-role -{{- end }} subjects: - kind: ServiceAccount name: operator-controller-controller-manager diff --git a/manifests/experimental-e2e.yaml b/manifests/experimental-e2e.yaml index eb72fb01f6..c6e370cda0 100644 --- a/manifests/experimental-e2e.yaml +++ b/manifests/experimental-e2e.yaml @@ -1824,6 +1824,37 @@ rules: verbs: - list - watch + - apiGroups: + - "*" + resources: + - "*" + verbs: + - list + - watch + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions/status + verbs: + - patch + - update + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions/finalizers + verbs: + - update --- # Source: olmv1/templates/rbac/clusterrolebinding-catalogd-manager-rolebinding.yml apiVersion: rbac.authorization.k8s.io/v1 @@ -1895,7 +1926,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: operator-controller-manager-role subjects: - kind: ServiceAccount name: operator-controller-controller-manager diff --git a/manifests/experimental.yaml b/manifests/experimental.yaml index 6cb9b18485..46ca67c91b 100644 --- a/manifests/experimental.yaml +++ b/manifests/experimental.yaml @@ -1785,6 +1785,37 @@ rules: verbs: - list - watch + - apiGroups: + - "*" + resources: + - "*" + verbs: + - list + - watch + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions/status + verbs: + - patch + - update + - apiGroups: + - olm.operatorframework.io + resources: + - clusterextensionrevisions/finalizers + verbs: + - update --- # Source: olmv1/templates/rbac/clusterrolebinding-catalogd-manager-rolebinding.yml apiVersion: rbac.authorization.k8s.io/v1 @@ -1856,7 +1887,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: operator-controller-manager-role subjects: - kind: ServiceAccount name: operator-controller-controller-manager