From 245436c5d5770032f8a571ff95e53ec803ac3b1d Mon Sep 17 00:00:00 2001
From: Bryce Palmer <bpalmer@redhat.com>
Date: Fri, 19 Jul 2024 09:51:25 -0400
Subject: [PATCH] add cluster-admin permissions to o-c SA temporarily (#1073)

Signed-off-by: everettraven <everettraven@gmail.com>
---
 config/base/rbac/role.yaml                          | 6 ++++++
 internal/controllers/clusterextension_controller.go | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/config/base/rbac/role.yaml b/config/base/rbac/role.yaml
index 0130a1662..e9ac55801 100644
--- a/config/base/rbac/role.yaml
+++ b/config/base/rbac/role.yaml
@@ -4,6 +4,12 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
 - apiGroups:
   - apiextensions.k8s.io
   resources:
diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go
index 1867e2c00..b042d4de6 100644
--- a/internal/controllers/clusterextension_controller.go
+++ b/internal/controllers/clusterextension_controller.go
@@ -119,6 +119,9 @@ type Preflight interface {
 //+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create
 //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get
 
+// TODO: Remove these permissions as part of resolving https://github.com/operator-framework/operator-controller/issues/975
+//+kubebuilder:rbac:groups=*,resources=*,verbs=*
+
 //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=clustercatalogs,verbs=list;watch
 //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogmetadata,verbs=list;watch