From b4771af035ae65302b74084722796a63f3ead018 Mon Sep 17 00:00:00 2001
From: Fred Rolland <frolland@nvidia.com>
Date: Tue, 17 Oct 2023 11:44:55 +0300
Subject: [PATCH] chore: Align RBAC rules

Align Helm RBAC Role template to the kubebuilder
generated file in `config/rbac/role.yaml`

Signed-off-by: Fred Rolland <frolland@nvidia.com>
---
 .../network-operator/templates/role.yaml      | 95 ++++++++++++-------
 1 file changed, 63 insertions(+), 32 deletions(-)

diff --git a/deployment/network-operator/templates/role.yaml b/deployment/network-operator/templates/role.yaml
index 6c76b7a5..547646ac 100644
--- a/deployment/network-operator/templates/role.yaml
+++ b/deployment/network-operator/templates/role.yaml
@@ -80,6 +80,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apiextensions.k8s.io
   resources:
@@ -141,6 +153,19 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - certificates
+  - issuers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:
@@ -173,13 +198,7 @@ rules:
 - apiGroups:
   - k8s.cni.cncf.io
   resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - mellanox.com
-  resources:
-  - '*'
+  - network-attachment-definitions
   verbs:
   - create
   - delete
@@ -200,6 +219,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - mellanox.com
+  resources:
+  - hostdevicenetworks/finalizers
+  verbs:
+  - update
 - apiGroups:
   - mellanox.com
   resources:
@@ -220,6 +245,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - mellanox.com
+  resources:
+  - ipoibnetworks/finalizers
+  verbs:
+  - update
 - apiGroups:
   - mellanox.com
   resources:
@@ -240,6 +271,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - mellanox.com
+  resources:
+  - macvlannetworks/finalizers
+  verbs:
+  - update
 - apiGroups:
   - mellanox.com
   resources:
@@ -248,6 +285,25 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - mellanox.com
+  resources:
+  - nicclusterpolicies
+  - nicclusterpolicies/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - mellanox.com
+  resources:
+  - nicclusterpolicies/finalizers
+  verbs:
+  - update
 - apiGroups:
   - monitoring.coreos.com
   resources:
@@ -333,28 +389,3 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - validatingwebhookconfigurations
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cert-manager.io
-  resources:
-  - certificates
-  - issuers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch