From 9aa5a175f77de7caa326ed83a0a47e119da36f76 Mon Sep 17 00:00:00 2001
From: Haim Kortovich
Date: Mon, 6 May 2024 15:44:27 -0500
Subject: [PATCH] Add machineusers rbac [ZITADOPER-1]
---
 ops/chart/templates/manager-rbac.yaml | 26 +++++++++++++++++++
 src/config/rbac/role.yaml | 26 +++++++++++++++++++
 .../controller/machineuser_controller.go | 6 ++---
 3 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/ops/chart/templates/manager-rbac.yaml b/ops/chart/templates/manager-rbac.yaml
index 28c3c3b..1cde3e7 100644
--- a/ops/chart/templates/manager-rbac.yaml
+++ b/ops/chart/templates/manager-rbac.yaml
@@ -158,6 +158,32 @@ rules:
 - list
 - patch
 - watch
+- apiGroups:
+ - zitadel.topmanage.com
+ resources:
+ - machineusers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - zitadel.topmanage.com
+ resources:
+ - machineusers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - zitadel.topmanage.com
+ resources:
+ - machineusers/status
+ verbs:
+ - get
+ - patch
+ - update
 - apiGroups:
 - zitadel.topmanage.com
 resources:
diff --git a/src/config/rbac/role.yaml b/src/config/rbac/role.yaml
index 7bfcb9c..0a43600 100644
--- a/src/config/rbac/role.yaml
+++ b/src/config/rbac/role.yaml
@@ -158,6 +158,32 @@ rules:
 - list
 - patch
 - watch
+- apiGroups:
+ - zitadel.topmanage.com
+ resources:
+ - machineusers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - zitadel.topmanage.com
+ resources:
+ - machineusers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - zitadel.topmanage.com
+ resources:
+ - machineusers/status
+ verbs:
+ - get
+ - patch
+ - update
 - apiGroups:
 - zitadel.topmanage.com
 resources:
diff --git a/src/internal/controller/machineuser_controller.go b/src/internal/controller/machineuser_controller.go
index cd818d7..8e5934b 100644
--- a/src/internal/controller/machineuser_controller.go
+++ b/src/internal/controller/machineuser_controller.go
@@ -43,9 +43,9 @@ func NewMachineUserReconciler(client client.Client, refResolver *zitadelv1alpha1
 }
 }
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=oidcapps,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=oidcapps/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=oidcapps/finalizers,verbs=update
+//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers/finalizers,verbs=update
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
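Review bot: The first added marker grants the manager `create` and `delete` on `machineusers`, which looks like the kubebuilder scaffold default carried over from the `oidcapps` lines rather than a permission this reconciler is known to need. Reconcile's body is outside this hunk, so confirm whether it ever creates or deletes MachineUser objects itself; adding and removing a finalizer only needs `update`/`patch`. If it does not, narrow the marker to `//+kubebuilder:rbac:groups=zitadel.topmanage.com,resources=machineusers,verbs=get;list;watch;update;patch`. Then regenerate `src/config/rbac/role.yaml` and bring `ops/chart/templates/manager-rbac.yaml` in line, since both hunks in this patch carry the same seven-verb list.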