From 6bba529b1079e23e5a059bfe8806bb5adfdf0793 Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Tue, 13 Apr 2021 17:26:53 -0700
Subject: [PATCH] RBAC rules for ldapidentityproviders to grant permissions to
 controller

---
 deploy/supervisor/rbac.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/deploy/supervisor/rbac.yaml b/deploy/supervisor/rbac.yaml
index cb84f342..60447f7c 100644
--- a/deploy/supervisor/rbac.yaml
+++ b/deploy/supervisor/rbac.yaml
@@ -32,6 +32,14 @@ rules:
       - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
     resources: [oidcidentityproviders/status]
     verbs: [get, patch, update]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
+    resources: [ldapidentityproviders]
+    verbs: [get, list, watch]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
+    resources: [ldapidentityproviders/status]
+    verbs: [get, patch, update]
     #! We want to be able to read pods/replicasets/deployment so we can learn who our deployment is to set
     #! as an owner reference.
   - apiGroups: [""]