apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tcs-leader-election-role
  namespace: {{ .Release.Namespace | quote }}
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tcs-metrics-reader
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tcs-proxy-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: tcs-role
rules:
- apiGroups:
  - '*'
  resources:
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - update
  - watch
  - patch
- apiGroups:
  - cert-manager.io
  resources:
  - certificaterequests
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cert-manager.io
  resources:
  - certificaterequests/finalizers
  verbs:
  - update
- apiGroups:
  - cert-manager.io
  resources:
  - certificaterequests/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests/finalizers
  verbs:
  - update
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - certificates.k8s.io
  resourceNames:
  - tcsclusterissuer.tcs.intel.com/*
  - tcsissuer.tcs.intel.com/*
  resources:
  - signers
  verbs:
  - sign
- apiGroups:
  - tcs.intel.com
  resources:
  - quoteattestations
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - tcs.intel.com
  resources:
  - quoteattestations/finalizers
  verbs:
  - update
- apiGroups:
  - tcs.intel.com
  resources:
  - quoteattestations/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - tcs.intel.com
  resources:
  - tcsclusterissuers
  - tcsissuers
  verbs:
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - tcs.intel.com
  resources:
  - tcsclusterissuers/status
  - tcsissuers/status
  verbs:
  - get
  - patch
  - update