From c689cd11ce87cbeeafa98675ab2c7a1436d0654c Mon Sep 17 00:00:00 2001
From: Kyle Wuolle <kyle.wuolle@gmail.com>
Date: Wed, 13 Nov 2024 09:48:41 -0800
Subject: [PATCH] Refactor rbac

---
 .../hmc/templates/rbac/controller/roles.yaml  | 52 +++++++++++++++++--
 1 file changed, 48 insertions(+), 4 deletions(-)

diff --git a/templates/provider/hmc/templates/rbac/controller/roles.yaml b/templates/provider/hmc/templates/rbac/controller/roles.yaml
index b805d1bf6..79e2a3978 100644
--- a/templates/provider/hmc/templates/rbac/controller/roles.yaml
+++ b/templates/provider/hmc/templates/rbac/controller/roles.yaml
@@ -206,18 +206,50 @@ rules:
   - patch
   - update
 - apiGroups:
-  - ""
+    - ""
   resources:
-  - secrets
-  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+    - secrets
+  verbs:
+    - get
+    - list
 - apiGroups:
     - hmc.mirantis.com
   resources:
     - unmanagedclusters
+  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+- apiGroups:
+    - hmc.mirantis.com
+  resources:
+    - unmanagedclusters/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - hmc.mirantis.com
+  resources:
     - unmanagedclusters/status
+  verbs:
+    - get
+    - patch
+    - update
+- apiGroups:
+    - hmc.mirantis.com
+  resources:
     - unmanagedmachines
-    - unmanagedmachines/status
   verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+- apiGroups:
+    - hmc.mirantis.com
+  resources:
+    - unmanagedmachines/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - hmc.mirantis.com
+  resources:
+    - unmanagedmachines/status
+  verbs:
+    - get
+    - patch
+    - update
 - apiGroups:
     - cluster.x-k8s.io
   resources:
@@ -259,7 +291,19 @@ rules:
       - hmc.mirantis.com
     resources:
       - unmanagedclusters
+    verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  - apiGroups:
+      - hmc.mirantis.com
+    resources:
       - unmanagedclusters/status
+    verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  - apiGroups:
+      - hmc.mirantis.com
+    resources:
       - unmanagedmachines
+    verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  - apiGroups:
+      - hmc.mirantis.com
+    resources:
       - unmanagedmachines/status
     verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
\ No newline at end of file