From 3dfa12ba448becdbde02d77d4462604d3af6fbda Mon Sep 17 00:00:00 2001
From: bjwswang <bjwswang@gmail.com>
Date: Tue, 20 Feb 2024 15:22:02 +0800
Subject: [PATCH] fix: missing required permissions for resource-reader and
 remove apiversion in role definitions

Signed-off-by: bjwswang <bjwswang@gmail.com>
---
 charts/component-store/Chart.yaml             |  2 +-
 .../templates/resource-rbac.yaml              | 31 +++++++++++++++++++
 charts/kubebb-core/Chart.yaml                 |  2 +-
 .../kubebb-core/templates/role_template.yaml  | 24 +++++++-------
 4 files changed, 45 insertions(+), 14 deletions(-)
 create mode 100644 charts/component-store/templates/resource-rbac.yaml

diff --git a/charts/component-store/Chart.yaml b/charts/component-store/Chart.yaml
index 2087c34..bde1f77 100644
--- a/charts/component-store/Chart.yaml
+++ b/charts/component-store/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: component-store
 description: Component store to list, view and deploy various components.
 type: application
-version: 0.0.2
+version: 0.0.23
 icon: https://avatars.githubusercontent.com/u/85277200
 keywords:
   - kubebb
diff --git a/charts/component-store/templates/resource-rbac.yaml b/charts/component-store/templates/resource-rbac.yaml
new file mode 100644
index 0000000..7d16139
--- /dev/null
+++ b/charts/component-store/templates/resource-rbac.yaml
@@ -0,0 +1,31 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: kubebb-resource-reader
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - "core.kubebb.k8s.com.cn"
+  resources:
+  - ratings
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubebb-resource-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubebb-resource-reader
+subjects:
+- kind: Group
+  name: resource-reader
diff --git a/charts/kubebb-core/Chart.yaml b/charts/kubebb-core/Chart.yaml
index a89430f..d259e92 100644
--- a/charts/kubebb-core/Chart.yaml
+++ b/charts/kubebb-core/Chart.yaml
@@ -6,7 +6,7 @@ annotations:
   core.kubebb.k8s.com.cn/restricted-namespaces: "kubebb-system"
 description: Kubebb Core provides core implementations on Component Lifecycle Management.Our design and development follows operator pattern which extends kubernetes APIs.
 type: application
-version: v0.1.25
+version: v0.1.26
 appVersion: v0.1.6
 icon: https://avatars.githubusercontent.com/u/85277200
 keywords:
diff --git a/charts/kubebb-core/templates/role_template.yaml b/charts/kubebb-core/templates/role_template.yaml
index 4cd0676..7dbd3cc 100644
--- a/charts/kubebb-core/templates/role_template.yaml
+++ b/charts/kubebb-core/templates/role_template.yaml
@@ -15,7 +15,7 @@ spec:
     displayName: 安装计划
     rules:
     - apiGroups:
-      - core.kubebb.k8s.com.cn/v1alpha1
+      - core.kubebb.k8s.com.cn
       resources:
       - componentplans
       verbs:
@@ -26,7 +26,7 @@ spec:
       - patch
       - update
     - apiGroups:
-        - core.kubebb.k8s.com.cn/v1alpha1
+        - core.kubebb.k8s.com.cn
       resources:
         - componentplans/status
       verbs:
@@ -35,14 +35,14 @@ spec:
     displayName: 组件
     rules:
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - components
         verbs:
           - get
           - list
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - components/status
         verbs:
@@ -51,7 +51,7 @@ spec:
     displayName: 订阅计划
     rules:
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - subscriptions
         verbs:
@@ -62,7 +62,7 @@ spec:
           - patch
           - update
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - subscriptions/status
         verbs:
@@ -85,14 +85,14 @@ spec:
     displayName: 仓库
     rules:
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - repositories
         verbs:
           - get
           - list
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - repositories/status
         verbs:
@@ -101,7 +101,7 @@ spec:
     displayName: 安装计划
     rules:
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - componentplans
         verbs:
@@ -112,7 +112,7 @@ spec:
           - patch
           - update
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - componentplans/status
         verbs:
@@ -121,7 +121,7 @@ spec:
     displayName: 订阅计划
     rules:
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - subscriptions
         verbs:
@@ -132,7 +132,7 @@ spec:
           - patch
           - update
       - apiGroups:
-          - core.kubebb.k8s.com.cn/v1alpha1
+          - core.kubebb.k8s.com.cn
         resources:
           - subscriptions/status
         verbs: