From 2c97e89f46695bdb1fc9e173097e32f519124c48 Mon Sep 17 00:00:00 2001
From: Naadir Jeewa
Date: Wed, 17 Oct 2018 15:39:53 +0100
Subject: [PATCH] controller: Add RBAC annotations for kubebuilder
---
config/rbac/rbac_role.yaml | 32 ++++++++++++++++++++++++
config/rbac/rbac_role_binding.yaml | 13 ++++++++++
pkg/controller/add_cluster_controller.go | 1 +
pkg/controller/add_machine_controller.go | 1 +
4 files changed, 47 insertions(+)
create mode 100644 config/rbac/rbac_role.yaml
create mode 100644 config/rbac/rbac_role_binding.yaml
diff --git a/config/rbac/rbac_role.yaml b/config/rbac/rbac_role.yaml
new file mode 100644
index 0000000000..a04d56f837
--- /dev/null
+++ b/config/rbac/rbac_role.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: manager-role
+rules:
+- apiGroups:
+ - awsprovider.k8s.io
+ resources:
+ - awsclusterproviderconfigs
+ - awsclusterproviderstatuses
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - awsprovider.k8s.io
+ resources:
+ - awsmachineproviderconfigs
+ - awsmachineproviderstatuses
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/config/rbac/rbac_role_binding.yaml b/config/rbac/rbac_role_binding.yaml
new file mode 100644
index 0000000000..c1033e23fb
--- /dev/null
+++ b/config/rbac/rbac_role_binding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/pkg/controller/add_cluster_controller.go b/pkg/controller/add_cluster_controller.go
index 6ba31809dd..c1f2289daf 100644
--- a/pkg/controller/add_cluster_controller.go
+++ b/pkg/controller/add_cluster_controller.go
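Review bot: The ClusterRoleBinding in config/rbac/rbac_role_binding.yaml names the `default` ServiceAccount in namespace `system` as its subject, so every pod in that namespace that does not set its own service account would run with the cluster-wide rights of `manager-role`. Binding to an account created only for the controller manager, for example `name: controller-manager` (a constructed name) under `subjects`, with the manager's pod spec setting `serviceAccountName` to match, keeps the grant to that one workload. If this file is regenerated by kubebuilder from the annotations, the change probably has to live in an overlay or generator setting rather than a hand edit. The page does not show whether the `system` namespace is rewritten at deploy time, which is worth confirming.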
@@ -22,6 +22,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager" ) +//+kubebuilder:rbac:groups=awsprovider.k8s.io,resources=awsclusterproviderconfigs;awsclusterproviderstatuses,verbs=get;list;watch;create;update;patch;delete func init() { // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. AddToManagerFuncs = append(AddToManagerFuncs, func(m manager.Manager) error { diff --git a/pkg/controller/add_machine_controller.go b/pkg/controller/add_machine_controller.go index b7edfc806b..06d617f8ac 100644 --- a/pkg/controller/add_machine_controller.go +++ b/pkg/controller/add_machine_controller.go @@ -22,6 +22,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager" ) +//+kubebuilder:rbac:groups=awsprovider.k8s.io,resources=awsmachineproviderconfigs;awsmachineproviderstatuses,verbs=get;list;watch;create;update;patch;delete func init() { // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. AddToManagerFuncs = append(AddToManagerFuncs, func(m manager.Manager) error {
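Review bot: The marker added above `init()` in add_cluster_controller.go grants the full set `get;list;watch;create;update;patch;delete` on both the provider config and the provider status resources, and the marker in add_machine_controller.go does the same for the machine resources. Nothing visible in either hunk shows the controllers creating or deleting those objects. Because rbac_role.yaml in this commit carries the same rules as a ClusterRole, the grant applies across all namespaces, so it is worth trimming the verbs to what the reconcilers actually call, for example `verbs=get;list;watch;update;patch` if they only read and update. A short comment above each marker naming the reconciler that needs these verbs, such as `// RBAC for the cluster actuator; regenerate config/rbac after editing.`, would let the next reviewer check the grant against the code. Both `init()` bodies continue past the end of their hunks.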