From fef3c969de84fb61da2c670efdcd4bca6966e465 Mon Sep 17 00:00:00 2001 From: Hugo Ares Date: Fri, 25 Oct 2024 15:42:32 -0400 Subject: [PATCH] Get rid of managed gitops permissions in kubesaw We no longer deploy managed gitops service, clean up the user permissions. Signed-off-by: Hugo Ares --- .../production/appstudio/kustomization.yaml | 4 + .../appstudio/nstemplatetier-appstudio.yaml | 8 +- ...appstudio-admin-1038607973-1038607973.yaml | 270 ++++++++++++++++++ ...tudio-contributor-674648168-674648168.yaml | 170 +++++++++++ ...udio-maintainer-2067287336-2067287336.yaml | 191 +++++++++++++ ...ppstudio-viewer-2629034250-2629034250.yaml | 169 +++++++++++ .../appstudiolarge/kustomization.yaml | 4 + .../nstemplatetier-appstudiolarge.yaml | 8 +- ...udiolarge-admin-3971529334-1038607973.yaml | 270 ++++++++++++++++++ ...arge-contributor-3971529334-674648168.yaml | 170 +++++++++++ ...arge-maintainer-3971529334-2067287336.yaml | 191 +++++++++++++ ...diolarge-viewer-3971529334-2629034250.yaml | 169 +++++++++++ .../appstudioxlarge/kustomization.yaml | 4 + .../nstemplatetier-appstudioxlarge.yaml | 8 +- ...dioxlarge-admin-1655178728-1038607973.yaml | 270 ++++++++++++++++++ ...arge-contributor-1655178728-674648168.yaml | 170 +++++++++++ ...arge-maintainer-1655178728-2067287336.yaml | 191 +++++++++++++ ...ioxlarge-viewer-1655178728-2629034250.yaml | 169 +++++++++++ .../tiers/src/appstudio/spacerole_admin.yaml | 11 - .../src/appstudio/spacerole_contributor.yaml | 11 - .../src/appstudio/spacerole_maintainer.yaml | 11 - .../tiers/src/appstudio/spacerole_viewer.yaml | 11 - .../staging/appstudio/kustomization.yaml | 4 + .../appstudio/nstemplatetier-appstudio.yaml | 8 +- ...appstudio-admin-1038607973-1038607973.yaml | 270 ++++++++++++++++++ ...tudio-contributor-674648168-674648168.yaml | 170 +++++++++++ ...udio-maintainer-2067287336-2067287336.yaml | 191 +++++++++++++ ...ppstudio-viewer-2629034250-2629034250.yaml | 169 +++++++++++ .../staging/appstudiolarge/kustomization.yaml | 4 + .../nstemplatetier-appstudiolarge.yaml | 8 +- ...udiolarge-admin-3971529334-1038607973.yaml | 270 ++++++++++++++++++ ...arge-contributor-3971529334-674648168.yaml | 170 +++++++++++ ...arge-maintainer-3971529334-2067287336.yaml | 191 +++++++++++++ ...diolarge-viewer-3971529334-2629034250.yaml | 169 +++++++++++ .../appstudioxlarge/kustomization.yaml | 4 + .../nstemplatetier-appstudioxlarge.yaml | 8 +- ...dioxlarge-admin-1655178728-1038607973.yaml | 270 ++++++++++++++++++ ...arge-contributor-1655178728-674648168.yaml | 170 +++++++++++ ...arge-maintainer-1655178728-2067287336.yaml | 191 +++++++++++++ ...ioxlarge-viewer-1655178728-2629034250.yaml | 169 +++++++++++ 40 files changed, 4848 insertions(+), 68 deletions(-) create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml diff --git a/components/sandbox/tiers/production/appstudio/kustomization.yaml b/components/sandbox/tiers/production/appstudio/kustomization.yaml index 6fe4007e8c8..8412da1e0cb 100644 --- a/components/sandbox/tiers/production/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudio/kustomization.yaml @@ -6,6 +6,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - nstemplatetier-appstudio.yaml +- tiertemplate-appstudio-admin-1038607973-1038607973.yaml - tiertemplate-appstudio-admin-1876853981-1876853981.yaml - tiertemplate-appstudio-admin-2415879015-2415879015.yaml - tiertemplate-appstudio-admin-849337768-849337768.yaml @@ -13,8 +14,10 @@ resources: - tiertemplate-appstudio-clusterresources-593233715-593233715.yaml - tiertemplate-appstudio-clusterresources-809836689-809836689.yaml - tiertemplate-appstudio-contributor-1817914940-1817914940.yaml +- tiertemplate-appstudio-contributor-674648168-674648168.yaml - tiertemplate-appstudio-contributor-829105171-829105171.yaml - tiertemplate-appstudio-maintainer-1904354742-1904354742.yaml +- tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml - tiertemplate-appstudio-maintainer-293087644-293087644.yaml - tiertemplate-appstudio-maintainer-474752551-474752551.yaml - tiertemplate-appstudio-tenant-199961605-199961605.yaml @@ -22,5 +25,6 @@ resources: - tiertemplate-appstudio-tenant-3815075241-3815075241.yaml - tiertemplate-appstudio-tenant-4121561789-4121561789.yaml - tiertemplate-appstudio-tenant-649666048-649666048.yaml +- tiertemplate-appstudio-viewer-2629034250-2629034250.yaml - tiertemplate-appstudio-viewer-4059797645-4059797645.yaml - tiertemplate-appstudio-viewer-4256863455-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml index 211c3131cb3..421b0eb02c4 100644 --- a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudio-tenant-4121561789-4121561789 spaceRoles: admin: - templateRef: appstudio-admin-849337768-849337768 + templateRef: appstudio-admin-1038607973-1038607973 contributor: - templateRef: appstudio-contributor-829105171-829105171 + templateRef: appstudio-contributor-674648168-674648168 maintainer: - templateRef: appstudio-maintainer-474752551-474752551 + templateRef: appstudio-maintainer-2067287336-2067287336 viewer: - templateRef: appstudio-viewer-4256863455-4256863455 + templateRef: appstudio-viewer-2629034250-2629034250 status: {} diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml new file mode 100644 index 00000000000..347655ab2dc --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml @@ -0,0 +1,270 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-admin-1038607973-1038607973 + namespace: toolchain-host-operator +spec: + revision: 1038607973-1038607973 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: admin diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml new file mode 100644 index 00000000000..af6316cd30e --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml @@ -0,0 +1,170 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-contributor-674648168-674648168 + namespace: toolchain-host-operator +spec: + revision: 674648168-674648168 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: contributor diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml new file mode 100644 index 00000000000..cd5b4374a51 --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml @@ -0,0 +1,191 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-maintainer-2067287336-2067287336 + namespace: toolchain-host-operator +spec: + revision: 2067287336-2067287336 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: maintainer diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml new file mode 100644 index 00000000000..520f9eb06b7 --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml @@ -0,0 +1,169 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-viewer-2629034250-2629034250 + namespace: toolchain-host-operator +spec: + revision: 2629034250-2629034250 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: viewer diff --git a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml index 582dc0ed32f..994843c8fe4 100644 --- a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml @@ -10,6 +10,7 @@ resources: - tiertemplate-appstudiolarge-admin-1884308846-2415879015.yaml - tiertemplate-appstudiolarge-admin-1929014883-1876853981.yaml - tiertemplate-appstudiolarge-admin-1929014883-849337768.yaml +- tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml - tiertemplate-appstudiolarge-admin-3971529334-849337768.yaml - tiertemplate-appstudiolarge-admin-3994678728-849337768.yaml - tiertemplate-appstudiolarge-clusterresources-1884308846-809836689.yaml @@ -19,11 +20,13 @@ resources: - tiertemplate-appstudiolarge-contributor-1884308846-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-829105171.yaml +- tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml - tiertemplate-appstudiolarge-contributor-3971529334-829105171.yaml - tiertemplate-appstudiolarge-contributor-3994678728-829105171.yaml - tiertemplate-appstudiolarge-maintainer-1884308846-293087644.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-293087644.yaml +- tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml - tiertemplate-appstudiolarge-maintainer-3971529334-474752551.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-474752551.yaml @@ -37,5 +40,6 @@ resources: - tiertemplate-appstudiolarge-viewer-1884308846-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4256863455.yaml +- tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml - tiertemplate-appstudiolarge-viewer-3971529334-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3994678728-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml index c9dde7c134f..c3236cc61af 100644 --- a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudiolarge-tenant-3971529334-4121561789 spaceRoles: admin: - templateRef: appstudiolarge-admin-3971529334-849337768 + templateRef: appstudiolarge-admin-3971529334-1038607973 contributor: - templateRef: appstudiolarge-contributor-3971529334-829105171 + templateRef: appstudiolarge-contributor-3971529334-674648168 maintainer: - templateRef: appstudiolarge-maintainer-3971529334-474752551 + templateRef: appstudiolarge-maintainer-3971529334-2067287336 viewer: - templateRef: appstudiolarge-viewer-3971529334-4256863455 + templateRef: appstudiolarge-viewer-3971529334-2629034250 status: {} diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml new file mode 100644 index 00000000000..9f3f3a97ef3 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml @@ -0,0 +1,270 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-admin-3971529334-1038607973 + namespace: toolchain-host-operator +spec: + revision: 3971529334-1038607973 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: admin diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml new file mode 100644 index 00000000000..2331bf41bf9 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml @@ -0,0 +1,170 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-contributor-3971529334-674648168 + namespace: toolchain-host-operator +spec: + revision: 3971529334-674648168 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: contributor diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml new file mode 100644 index 00000000000..9b58e444e72 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml @@ -0,0 +1,191 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-maintainer-3971529334-2067287336 + namespace: toolchain-host-operator +spec: + revision: 3971529334-2067287336 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: maintainer diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml new file mode 100644 index 00000000000..6e57d87d501 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml @@ -0,0 +1,169 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-viewer-3971529334-2629034250 + namespace: toolchain-host-operator +spec: + revision: 3971529334-2629034250 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: viewer diff --git a/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml b/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml index b0545b1de91..9edfe6323c4 100644 --- a/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml @@ -6,15 +6,18 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - nstemplatetier-appstudioxlarge.yaml +- tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml - tiertemplate-appstudioxlarge-admin-1655178728-849337768.yaml - tiertemplate-appstudioxlarge-admin-409719430-849337768.yaml - tiertemplate-appstudioxlarge-admin-884010306-849337768.yaml - tiertemplate-appstudioxlarge-clusterresources-1655178728-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-409719430-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-884010306-3180033938.yaml +- tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml - tiertemplate-appstudioxlarge-contributor-1655178728-829105171.yaml - tiertemplate-appstudioxlarge-contributor-409719430-829105171.yaml - tiertemplate-appstudioxlarge-contributor-884010306-829105171.yaml +- tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml - tiertemplate-appstudioxlarge-maintainer-1655178728-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-409719430-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-884010306-1904354742.yaml @@ -23,6 +26,7 @@ resources: - tiertemplate-appstudioxlarge-tenant-409719430-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-649666048.yaml +- tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml - tiertemplate-appstudioxlarge-viewer-1655178728-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-409719430-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-884010306-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml b/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml index adc0e17a591..8e79c493233 100644 --- a/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml +++ b/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudioxlarge-tenant-1655178728-4121561789 spaceRoles: admin: - templateRef: appstudioxlarge-admin-1655178728-849337768 + templateRef: appstudioxlarge-admin-1655178728-1038607973 contributor: - templateRef: appstudioxlarge-contributor-1655178728-829105171 + templateRef: appstudioxlarge-contributor-1655178728-674648168 maintainer: - templateRef: appstudioxlarge-maintainer-1655178728-474752551 + templateRef: appstudioxlarge-maintainer-1655178728-2067287336 viewer: - templateRef: appstudioxlarge-viewer-1655178728-4256863455 + templateRef: appstudioxlarge-viewer-1655178728-2629034250 status: {} diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml new file mode 100644 index 00000000000..9463ff92528 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml @@ -0,0 +1,270 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-admin-1655178728-1038607973 + namespace: toolchain-host-operator +spec: + revision: 1655178728-1038607973 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: admin diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml new file mode 100644 index 00000000000..03911ea8124 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml @@ -0,0 +1,170 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-contributor-1655178728-674648168 + namespace: toolchain-host-operator +spec: + revision: 1655178728-674648168 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: contributor diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml new file mode 100644 index 00000000000..d59510a37ec --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml @@ -0,0 +1,191 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-maintainer-1655178728-2067287336 + namespace: toolchain-host-operator +spec: + revision: 1655178728-2067287336 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: maintainer diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml new file mode 100644 index 00000000000..b228fe92fa7 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml @@ -0,0 +1,169 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-viewer-1655178728-2629034250 + namespace: toolchain-host-operator +spec: + revision: 1655178728-2629034250 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: viewer diff --git a/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml b/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml index 9b4ea445294..40c351bc46a 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml @@ -54,17 +54,6 @@ objects: - update - patch - delete - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - apiGroups: - tekton.dev resources: diff --git a/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml b/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml index 2fa7ceb3642..645c0d0955b 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml @@ -42,17 +42,6 @@ objects: - get - list - watch - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - apiGroups: - tekton.dev resources: diff --git a/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml b/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml index bc879bb0d78..35394172712 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml @@ -45,17 +45,6 @@ objects: - get - list - watch - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - apiGroups: - tekton.dev resources: diff --git a/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml b/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml index a308ef745f4..93ec39f4664 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml @@ -41,17 +41,6 @@ objects: - get - list - watch - - apiGroups: - - managed-gitops.redhat.com - resources: - - gitopsdeployments - - gitopsdeploymentmanagedenvironments - - gitopsdeploymentrepositorycredentials - - gitopsdeploymentsyncruns - verbs: - - get - - list - - watch - apiGroups: - tekton.dev resources: diff --git a/components/sandbox/tiers/staging/appstudio/kustomization.yaml b/components/sandbox/tiers/staging/appstudio/kustomization.yaml index 6fe4007e8c8..8412da1e0cb 100644 --- a/components/sandbox/tiers/staging/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudio/kustomization.yaml @@ -6,6 +6,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - nstemplatetier-appstudio.yaml +- tiertemplate-appstudio-admin-1038607973-1038607973.yaml - tiertemplate-appstudio-admin-1876853981-1876853981.yaml - tiertemplate-appstudio-admin-2415879015-2415879015.yaml - tiertemplate-appstudio-admin-849337768-849337768.yaml @@ -13,8 +14,10 @@ resources: - tiertemplate-appstudio-clusterresources-593233715-593233715.yaml - tiertemplate-appstudio-clusterresources-809836689-809836689.yaml - tiertemplate-appstudio-contributor-1817914940-1817914940.yaml +- tiertemplate-appstudio-contributor-674648168-674648168.yaml - tiertemplate-appstudio-contributor-829105171-829105171.yaml - tiertemplate-appstudio-maintainer-1904354742-1904354742.yaml +- tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml - tiertemplate-appstudio-maintainer-293087644-293087644.yaml - tiertemplate-appstudio-maintainer-474752551-474752551.yaml - tiertemplate-appstudio-tenant-199961605-199961605.yaml @@ -22,5 +25,6 @@ resources: - tiertemplate-appstudio-tenant-3815075241-3815075241.yaml - tiertemplate-appstudio-tenant-4121561789-4121561789.yaml - tiertemplate-appstudio-tenant-649666048-649666048.yaml +- tiertemplate-appstudio-viewer-2629034250-2629034250.yaml - tiertemplate-appstudio-viewer-4059797645-4059797645.yaml - tiertemplate-appstudio-viewer-4256863455-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml index 211c3131cb3..421b0eb02c4 100644 --- a/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudio-tenant-4121561789-4121561789 spaceRoles: admin: - templateRef: appstudio-admin-849337768-849337768 + templateRef: appstudio-admin-1038607973-1038607973 contributor: - templateRef: appstudio-contributor-829105171-829105171 + templateRef: appstudio-contributor-674648168-674648168 maintainer: - templateRef: appstudio-maintainer-474752551-474752551 + templateRef: appstudio-maintainer-2067287336-2067287336 viewer: - templateRef: appstudio-viewer-4256863455-4256863455 + templateRef: appstudio-viewer-2629034250-2629034250 status: {} diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml new file mode 100644 index 00000000000..347655ab2dc --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1038607973-1038607973.yaml @@ -0,0 +1,270 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-admin-1038607973-1038607973 + namespace: toolchain-host-operator +spec: + revision: 1038607973-1038607973 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: admin diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml new file mode 100644 index 00000000000..af6316cd30e --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-674648168-674648168.yaml @@ -0,0 +1,170 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-contributor-674648168-674648168 + namespace: toolchain-host-operator +spec: + revision: 674648168-674648168 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: contributor diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml new file mode 100644 index 00000000000..cd5b4374a51 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-2067287336-2067287336.yaml @@ -0,0 +1,191 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-maintainer-2067287336-2067287336 + namespace: toolchain-host-operator +spec: + revision: 2067287336-2067287336 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml new file mode 100644 index 00000000000..520f9eb06b7 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-2629034250-2629034250.yaml @@ -0,0 +1,169 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-viewer-2629034250-2629034250 + namespace: toolchain-host-operator +spec: + revision: 2629034250-2629034250 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: viewer diff --git a/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml index ae4f8349857..57249d9c5b9 100644 --- a/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml @@ -10,6 +10,7 @@ resources: - tiertemplate-appstudiolarge-admin-1884308846-2415879015.yaml - tiertemplate-appstudiolarge-admin-1929014883-1876853981.yaml - tiertemplate-appstudiolarge-admin-1929014883-849337768.yaml +- tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml - tiertemplate-appstudiolarge-admin-3971529334-849337768.yaml - tiertemplate-appstudiolarge-admin-3994678728-849337768.yaml - tiertemplate-appstudiolarge-clusterresources-1884308846-809836689.yaml @@ -19,11 +20,13 @@ resources: - tiertemplate-appstudiolarge-contributor-1884308846-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-829105171.yaml +- tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml - tiertemplate-appstudiolarge-contributor-3971529334-829105171.yaml - tiertemplate-appstudiolarge-contributor-3994678728-829105171.yaml - tiertemplate-appstudiolarge-maintainer-1884308846-293087644.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-293087644.yaml +- tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml - tiertemplate-appstudiolarge-maintainer-3971529334-474752551.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-3994678728-474752551.yaml @@ -38,5 +41,6 @@ resources: - tiertemplate-appstudiolarge-viewer-1884308846-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4256863455.yaml +- tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml - tiertemplate-appstudiolarge-viewer-3971529334-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3994678728-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml index c9dde7c134f..c3236cc61af 100644 --- a/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudiolarge-tenant-3971529334-4121561789 spaceRoles: admin: - templateRef: appstudiolarge-admin-3971529334-849337768 + templateRef: appstudiolarge-admin-3971529334-1038607973 contributor: - templateRef: appstudiolarge-contributor-3971529334-829105171 + templateRef: appstudiolarge-contributor-3971529334-674648168 maintainer: - templateRef: appstudiolarge-maintainer-3971529334-474752551 + templateRef: appstudiolarge-maintainer-3971529334-2067287336 viewer: - templateRef: appstudiolarge-viewer-3971529334-4256863455 + templateRef: appstudiolarge-viewer-3971529334-2629034250 status: {} diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml new file mode 100644 index 00000000000..9f3f3a97ef3 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-3971529334-1038607973.yaml @@ -0,0 +1,270 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-admin-3971529334-1038607973 + namespace: toolchain-host-operator +spec: + revision: 3971529334-1038607973 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: admin diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml new file mode 100644 index 00000000000..2331bf41bf9 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-3971529334-674648168.yaml @@ -0,0 +1,170 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-contributor-3971529334-674648168 + namespace: toolchain-host-operator +spec: + revision: 3971529334-674648168 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: contributor diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml new file mode 100644 index 00000000000..9b58e444e72 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-3971529334-2067287336.yaml @@ -0,0 +1,191 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-maintainer-3971529334-2067287336 + namespace: toolchain-host-operator +spec: + revision: 3971529334-2067287336 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml new file mode 100644 index 00000000000..6e57d87d501 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-3971529334-2629034250.yaml @@ -0,0 +1,169 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-viewer-3971529334-2629034250 + namespace: toolchain-host-operator +spec: + revision: 3971529334-2629034250 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: viewer diff --git a/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml b/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml index b0545b1de91..9edfe6323c4 100644 --- a/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml @@ -6,15 +6,18 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - nstemplatetier-appstudioxlarge.yaml +- tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml - tiertemplate-appstudioxlarge-admin-1655178728-849337768.yaml - tiertemplate-appstudioxlarge-admin-409719430-849337768.yaml - tiertemplate-appstudioxlarge-admin-884010306-849337768.yaml - tiertemplate-appstudioxlarge-clusterresources-1655178728-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-409719430-593233715.yaml - tiertemplate-appstudioxlarge-clusterresources-884010306-3180033938.yaml +- tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml - tiertemplate-appstudioxlarge-contributor-1655178728-829105171.yaml - tiertemplate-appstudioxlarge-contributor-409719430-829105171.yaml - tiertemplate-appstudioxlarge-contributor-884010306-829105171.yaml +- tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml - tiertemplate-appstudioxlarge-maintainer-1655178728-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-409719430-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-884010306-1904354742.yaml @@ -23,6 +26,7 @@ resources: - tiertemplate-appstudioxlarge-tenant-409719430-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-4121561789.yaml - tiertemplate-appstudioxlarge-tenant-884010306-649666048.yaml +- tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml - tiertemplate-appstudioxlarge-viewer-1655178728-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-409719430-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-884010306-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml b/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml index adc0e17a591..8e79c493233 100644 --- a/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml +++ b/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudioxlarge-tenant-1655178728-4121561789 spaceRoles: admin: - templateRef: appstudioxlarge-admin-1655178728-849337768 + templateRef: appstudioxlarge-admin-1655178728-1038607973 contributor: - templateRef: appstudioxlarge-contributor-1655178728-829105171 + templateRef: appstudioxlarge-contributor-1655178728-674648168 maintainer: - templateRef: appstudioxlarge-maintainer-1655178728-474752551 + templateRef: appstudioxlarge-maintainer-1655178728-2067287336 viewer: - templateRef: appstudioxlarge-viewer-1655178728-4256863455 + templateRef: appstudioxlarge-viewer-1655178728-2629034250 status: {} diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml new file mode 100644 index 00000000000..9463ff92528 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-1655178728-1038607973.yaml @@ -0,0 +1,270 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-admin-1655178728-1038607973 + namespace: toolchain-host-operator +spec: + revision: 1655178728-1038607973 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: admin diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml new file mode 100644 index 00000000000..03911ea8124 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-1655178728-674648168.yaml @@ -0,0 +1,170 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-contributor-1655178728-674648168 + namespace: toolchain-host-operator +spec: + revision: 1655178728-674648168 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: contributor diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml new file mode 100644 index 00000000000..d59510a37ec --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-1655178728-2067287336.yaml @@ -0,0 +1,191 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-maintainer-1655178728-2067287336 + namespace: toolchain-host-operator +spec: + revision: 1655178728-2067287336 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml new file mode 100644 index 00000000000..b228fe92fa7 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-1655178728-2629034250.yaml @@ -0,0 +1,169 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-viewer-1655178728-2629034250 + namespace: toolchain-host-operator +spec: + revision: 1655178728-2629034250 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - jvmbuildservice.io + resources: + - jbsconfigs + - artifactbuilds + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: viewer