---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cis-admin
rules:
  - apiGroups:
      - cis.cattle.io
    resources:
      - clusterscanbenchmarks
      - clusterscanprofiles
      - clusterscans
      - clusterscanreports
    verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
  - apiGroups:
      - catalog.cattle.io
    resources: ["apps"]
    resourceNames: ["rancher-cis-benchmark"]
    verbs: ["get", "watch", "list"]
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cis-view
rules:
  - apiGroups:
      - cis.cattle.io
    resources:
      - clusterscanbenchmarks
      - clusterscanprofiles
      - clusterscans
      - clusterscanreports
    verbs: ["get", "watch", "list"]
  - apiGroups:
      - catalog.cattle.io
    resources: ["apps"]
    resourceNames: ["rancher-cis-benchmark"]
    verbs: ["get", "watch", "list"]
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs: ["get", "watch", "list"]