---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: cis-admin
  namespace: {{ template "cis.namespace" . }}
rules:
  - apiGroups:
      - cis.cattle.io
    resources:
      - clusterscanbenchmarks
      - clusterscanprofiles
      - clusterscans
      - clusterscanreports
    verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  namespace: {{ template "cis.namespace" . }}
  name: cis-edit
rules:
  - apiGroups:
      - cis.cattle.io
    resources:
      - clusterscanbenchmarks
      - clusterscanprofiles
      - clusterscans
      - clusterscanreports
    verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  namespace: {{ template "cis.namespace" . }}
  name: cis-view
rules:
  - apiGroups:
      - cis.cattle.io
    resources:
      - clusterscanbenchmarks
      - clusterscanprofiles
      - clusterscans
      - clusterscanreports
    verbs: ["get", "watch", "list"]