From 393247649605e7c33431fb6b96009d4cf9964e70 Mon Sep 17 00:00:00 2001
From: Floppy Disk <kklinch0@gmail.com>
Date: Fri, 6 Dec 2024 15:27:16 +0300
Subject: [PATCH] add kubeapps-admin role

---
 .../templates/rolebinding.yaml                | 18 +++++++-
 .../keycloak-configure/templates/roles.yaml   | 42 +++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/packages/system/keycloak-configure/templates/rolebinding.yaml b/packages/system/keycloak-configure/templates/rolebinding.yaml
index 53d606a7b..a5ea3d460 100644
--- a/packages/system/keycloak-configure/templates/rolebinding.yaml
+++ b/packages/system/keycloak-configure/templates/rolebinding.yaml
@@ -6,7 +6,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: admin
+  name: kubeapps-admin
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
@@ -14,6 +14,22 @@ subjects:
 
 ---
 
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubeapps-admin
+  namespace: cozy-public
+subjects:
+- kind: Group
+  name: kubeapps-admin
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: kubeapps-admin
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
diff --git a/packages/system/keycloak-configure/templates/roles.yaml b/packages/system/keycloak-configure/templates/roles.yaml
index 8b35215ee..ef6ae19c7 100644
--- a/packages/system/keycloak-configure/templates/roles.yaml
+++ b/packages/system/keycloak-configure/templates/roles.yaml
@@ -1,3 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubeapps-admin
+rules:
+- apiGroups: [""]
+  resources:
+  - "*"
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["apps.cozystack.io"]
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups: ["helm.toolkit.fluxcd.io"]
+  resources:
+  - helmreleases
+  verbs:
+  - '*'
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: kubeapps-admin
+  namespace: cozy-public
+rules:
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["helmrepositories"]
+    verbs:
+    - get
+    - list
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources:
+    - helmcharts
+    verbs: ["*"]
+
+---
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata: