From 80bd7e2291a49dfb6da533a324809f26a13ab582 Mon Sep 17 00:00:00 2001
From: alecmerdler <alecmerdler@gmail.com>
Date: Mon, 5 Nov 2018 12:10:21 -0500
Subject: [PATCH] add 'get' permission for the CRD itself to the created Role

---
 pkg/controller/registry/resolver/steps.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/controller/registry/resolver/steps.go b/pkg/controller/registry/resolver/steps.go
index f8b886420f..56182b5f61 100644
--- a/pkg/controller/registry/resolver/steps.go
+++ b/pkg/controller/registry/resolver/steps.go
@@ -64,7 +64,10 @@ func NewStepResourcesFromCRD(crd *v1beta1.CustomResourceDefinition) ([]v1alpha1.
 				"rbac.authorization.k8s.io/aggregate-to-view": "true",
 			},
 		},
-		Rules: []rbacv1.PolicyRule{{Verbs: []string{"get", "list", "watch"}, APIGroups: []string{crd.Spec.Group}, Resources: []string{crd.Spec.Names.Plural}}},
+		Rules: []rbacv1.PolicyRule{
+			{Verbs: []string{"get", "list", "watch"}, APIGroups: []string{crd.Spec.Group}, Resources: []string{crd.Spec.Names.Plural}},
+			{Verbs: []string{"get", "watch"}, APIGroups: []string{v1beta1.GroupName}, Resources: []string{crd.GetName()}},
+		},
 	}
 	viewRoleStep, err := NewStepResourceFromObject(viewRole, viewRole.GetName())
 	if err != nil {