From 007b6ae27943bf8c60f771474da862f3aed80c42 Mon Sep 17 00:00:00 2001 From: Tomas Nevrlka Date: Fri, 20 Dec 2024 16:15:42 +0100 Subject: [PATCH] remove references to jbs in sandbox/tiers - There are mentions of jvm-build-service in components/sandbox/tiers - Manually remove the references from `components/sandbox/tiers/src` - Run `ksctl generate nstemplatetiers --source ./src --out-dir ./production` as mentioned in README (same for staging) which automatically generates many new files --- .../production/appstudio/kustomization.yaml | 4 + .../appstudio/nstemplatetier-appstudio.yaml | 8 +- ...appstudio-admin-1611646139-1611646139.yaml | 268 ++++++++++++++++++ ...dio-contributor-3265408548-3265408548.yaml | 172 +++++++++++ ...udio-maintainer-1881194462-1881194462.yaml | 190 +++++++++++++ ...ppstudio-viewer-3768244154-3768244154.yaml | 171 +++++++++++ .../appstudiolarge/kustomization.yaml | 4 + .../nstemplatetier-appstudiolarge.yaml | 8 +- ...udiolarge-admin-2084392855-1611646139.yaml | 268 ++++++++++++++++++ ...rge-contributor-2084392855-3265408548.yaml | 172 +++++++++++ ...arge-maintainer-2084392855-1881194462.yaml | 190 +++++++++++++ ...diolarge-viewer-2084392855-3768244154.yaml | 171 +++++++++++ .../appstudioxlarge/kustomization.yaml | 4 + .../nstemplatetier-appstudioxlarge.yaml | 8 +- ...dioxlarge-admin-3195294905-1611646139.yaml | 268 ++++++++++++++++++ ...rge-contributor-3195294905-3265408548.yaml | 172 +++++++++++ ...arge-maintainer-3195294905-1881194462.yaml | 190 +++++++++++++ ...ioxlarge-viewer-3195294905-3768244154.yaml | 171 +++++++++++ .../tiers/src/appstudio/spacerole_admin.yaml | 13 - .../src/appstudio/spacerole_contributor.yaml | 9 - .../src/appstudio/spacerole_maintainer.yaml | 12 - .../tiers/src/appstudio/spacerole_viewer.yaml | 9 - .../staging/appstudio/kustomization.yaml | 4 + .../appstudio/nstemplatetier-appstudio.yaml | 8 +- ...appstudio-admin-1611646139-1611646139.yaml | 268 ++++++++++++++++++ ...dio-contributor-3265408548-3265408548.yaml | 172 +++++++++++ ...udio-maintainer-1881194462-1881194462.yaml | 190 +++++++++++++ ...ppstudio-viewer-3768244154-3768244154.yaml | 171 +++++++++++ .../staging/appstudiolarge/kustomization.yaml | 4 + .../nstemplatetier-appstudiolarge.yaml | 8 +- ...udiolarge-admin-2084392855-1611646139.yaml | 268 ++++++++++++++++++ ...rge-contributor-2084392855-3265408548.yaml | 172 +++++++++++ ...arge-maintainer-2084392855-1881194462.yaml | 190 +++++++++++++ ...diolarge-viewer-2084392855-3768244154.yaml | 171 +++++++++++ .../appstudioxlarge/kustomization.yaml | 4 + .../nstemplatetier-appstudioxlarge.yaml | 8 +- ...dioxlarge-admin-3195294905-1611646139.yaml | 268 ++++++++++++++++++ ...rge-contributor-3195294905-3265408548.yaml | 172 +++++++++++ ...arge-maintainer-3195294905-1881194462.yaml | 190 +++++++++++++ ...ioxlarge-viewer-3195294905-3768244154.yaml | 171 +++++++++++ 40 files changed, 4854 insertions(+), 67 deletions(-) create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml create mode 100644 components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml create mode 100644 components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml create mode 100644 components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml create mode 100644 components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml create mode 100644 components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml create mode 100644 components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml diff --git a/components/sandbox/tiers/production/appstudio/kustomization.yaml b/components/sandbox/tiers/production/appstudio/kustomization.yaml index 111b80d9b2f..158fbf4ef8e 100644 --- a/components/sandbox/tiers/production/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudio/kustomization.yaml @@ -6,6 +6,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - nstemplatetier-appstudio.yaml +- tiertemplate-appstudio-admin-1611646139-1611646139.yaml - tiertemplate-appstudio-admin-1876853981-1876853981.yaml - tiertemplate-appstudio-admin-2415879015-2415879015.yaml - tiertemplate-appstudio-admin-849337768-849337768.yaml @@ -13,7 +14,9 @@ resources: - tiertemplate-appstudio-clusterresources-593233715-593233715.yaml - tiertemplate-appstudio-clusterresources-809836689-809836689.yaml - tiertemplate-appstudio-contributor-1817914940-1817914940.yaml +- tiertemplate-appstudio-contributor-3265408548-3265408548.yaml - tiertemplate-appstudio-contributor-829105171-829105171.yaml +- tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml - tiertemplate-appstudio-maintainer-1904354742-1904354742.yaml - tiertemplate-appstudio-maintainer-293087644-293087644.yaml - tiertemplate-appstudio-maintainer-341231795-341231795.yaml @@ -27,5 +30,6 @@ resources: - tiertemplate-appstudio-tenant-3815075241-3815075241.yaml - tiertemplate-appstudio-tenant-4121561789-4121561789.yaml - tiertemplate-appstudio-tenant-649666048-649666048.yaml +- tiertemplate-appstudio-viewer-3768244154-3768244154.yaml - tiertemplate-appstudio-viewer-4059797645-4059797645.yaml - tiertemplate-appstudio-viewer-4256863455-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml index b959a211bf8..a7934f9254a 100644 --- a/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/production/appstudio/nstemplatetier-appstudio.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudio-tenant-3054647054-3054647054 spaceRoles: admin: - templateRef: appstudio-admin-849337768-849337768 + templateRef: appstudio-admin-1611646139-1611646139 contributor: - templateRef: appstudio-contributor-829105171-829105171 + templateRef: appstudio-contributor-3265408548-3265408548 maintainer: - templateRef: appstudio-maintainer-341231795-341231795 + templateRef: appstudio-maintainer-1881194462-1881194462 viewer: - templateRef: appstudio-viewer-4256863455-4256863455 + templateRef: appstudio-viewer-3768244154-3768244154 status: {} diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml new file mode 100644 index 00000000000..87d2c42b649 --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml @@ -0,0 +1,268 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-admin-1611646139-1611646139 + namespace: toolchain-host-operator +spec: + revision: 1611646139-1611646139 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: admin diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml new file mode 100644 index 00000000000..69e18fb6e45 --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml @@ -0,0 +1,172 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-contributor-3265408548-3265408548 + namespace: toolchain-host-operator +spec: + revision: 3265408548-3265408548 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: contributor diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml new file mode 100644 index 00000000000..d9c717e2232 --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml @@ -0,0 +1,190 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-maintainer-1881194462-1881194462 + namespace: toolchain-host-operator +spec: + revision: 1881194462-1881194462 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: maintainer diff --git a/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml new file mode 100644 index 00000000000..5ea59796fda --- /dev/null +++ b/components/sandbox/tiers/production/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml @@ -0,0 +1,171 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-viewer-3768244154-3768244154 + namespace: toolchain-host-operator +spec: + revision: 3768244154-3768244154 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: viewer diff --git a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml index c1d2856c673..ca6cee5a526 100644 --- a/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/kustomization.yaml @@ -12,6 +12,7 @@ resources: - tiertemplate-appstudiolarge-admin-1893065526-849337768.yaml - tiertemplate-appstudiolarge-admin-1929014883-1876853981.yaml - tiertemplate-appstudiolarge-admin-1929014883-849337768.yaml +- tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml - tiertemplate-appstudiolarge-admin-2084392855-849337768.yaml - tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml - tiertemplate-appstudiolarge-admin-3971529334-849337768.yaml @@ -29,6 +30,7 @@ resources: - tiertemplate-appstudiolarge-contributor-1893065526-829105171.yaml - tiertemplate-appstudiolarge-contributor-1929014883-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-829105171.yaml +- tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml - tiertemplate-appstudiolarge-contributor-2084392855-829105171.yaml - tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml - tiertemplate-appstudiolarge-contributor-3971529334-829105171.yaml @@ -39,6 +41,7 @@ resources: - tiertemplate-appstudiolarge-maintainer-1893065526-474752551.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-293087644.yaml +- tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml - tiertemplate-appstudiolarge-maintainer-2084392855-341231795.yaml - tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml - tiertemplate-appstudiolarge-maintainer-3971529334-474752551.yaml @@ -60,6 +63,7 @@ resources: - tiertemplate-appstudiolarge-viewer-1893065526-4256863455.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4256863455.yaml +- tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml - tiertemplate-appstudiolarge-viewer-2084392855-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3971529334-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml index e44ca343926..decdf138023 100644 --- a/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/production/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudiolarge-tenant-2084392855-3054647054 spaceRoles: admin: - templateRef: appstudiolarge-admin-2084392855-849337768 + templateRef: appstudiolarge-admin-2084392855-1611646139 contributor: - templateRef: appstudiolarge-contributor-2084392855-829105171 + templateRef: appstudiolarge-contributor-2084392855-3265408548 maintainer: - templateRef: appstudiolarge-maintainer-2084392855-341231795 + templateRef: appstudiolarge-maintainer-2084392855-1881194462 viewer: - templateRef: appstudiolarge-viewer-2084392855-4256863455 + templateRef: appstudiolarge-viewer-2084392855-3768244154 status: {} diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml new file mode 100644 index 00000000000..de2cb662f8e --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml @@ -0,0 +1,268 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-admin-2084392855-1611646139 + namespace: toolchain-host-operator +spec: + revision: 2084392855-1611646139 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: admin diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml new file mode 100644 index 00000000000..f25ea345e7b --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml @@ -0,0 +1,172 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-contributor-2084392855-3265408548 + namespace: toolchain-host-operator +spec: + revision: 2084392855-3265408548 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: contributor diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml new file mode 100644 index 00000000000..d7ebd8d5fc6 --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml @@ -0,0 +1,190 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-maintainer-2084392855-1881194462 + namespace: toolchain-host-operator +spec: + revision: 2084392855-1881194462 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: maintainer diff --git a/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml new file mode 100644 index 00000000000..e089e50eb8b --- /dev/null +++ b/components/sandbox/tiers/production/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml @@ -0,0 +1,171 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-viewer-2084392855-3768244154 + namespace: toolchain-host-operator +spec: + revision: 2084392855-3768244154 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: viewer diff --git a/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml b/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml index d94ed0c53c0..5bbddd8e84e 100644 --- a/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml +++ b/components/sandbox/tiers/production/appstudioxlarge/kustomization.yaml @@ -9,6 +9,7 @@ resources: - tiertemplate-appstudioxlarge-admin-1579464439-849337768.yaml - tiertemplate-appstudioxlarge-admin-1655178728-849337768.yaml - tiertemplate-appstudioxlarge-admin-2011494876-849337768.yaml +- tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml - tiertemplate-appstudioxlarge-admin-3195294905-849337768.yaml - tiertemplate-appstudioxlarge-admin-380792096-849337768.yaml - tiertemplate-appstudioxlarge-admin-409719430-849337768.yaml @@ -25,6 +26,7 @@ resources: - tiertemplate-appstudioxlarge-contributor-1579464439-829105171.yaml - tiertemplate-appstudioxlarge-contributor-1655178728-829105171.yaml - tiertemplate-appstudioxlarge-contributor-2011494876-829105171.yaml +- tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml - tiertemplate-appstudioxlarge-contributor-3195294905-829105171.yaml - tiertemplate-appstudioxlarge-contributor-380792096-829105171.yaml - tiertemplate-appstudioxlarge-contributor-409719430-829105171.yaml @@ -34,6 +36,7 @@ resources: - tiertemplate-appstudioxlarge-maintainer-1655178728-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-2011494876-341231795.yaml - tiertemplate-appstudioxlarge-maintainer-2011494876-474752551.yaml +- tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml - tiertemplate-appstudioxlarge-maintainer-3195294905-341231795.yaml - tiertemplate-appstudioxlarge-maintainer-380792096-341231795.yaml - tiertemplate-appstudioxlarge-maintainer-409719430-474752551.yaml @@ -52,6 +55,7 @@ resources: - tiertemplate-appstudioxlarge-viewer-1579464439-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-1655178728-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-2011494876-4256863455.yaml +- tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml - tiertemplate-appstudioxlarge-viewer-3195294905-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-380792096-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-409719430-4256863455.yaml diff --git a/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml b/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml index c777b5b6e58..638eec9651f 100644 --- a/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml +++ b/components/sandbox/tiers/production/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudioxlarge-tenant-3195294905-3054647054 spaceRoles: admin: - templateRef: appstudioxlarge-admin-3195294905-849337768 + templateRef: appstudioxlarge-admin-3195294905-1611646139 contributor: - templateRef: appstudioxlarge-contributor-3195294905-829105171 + templateRef: appstudioxlarge-contributor-3195294905-3265408548 maintainer: - templateRef: appstudioxlarge-maintainer-3195294905-341231795 + templateRef: appstudioxlarge-maintainer-3195294905-1881194462 viewer: - templateRef: appstudioxlarge-viewer-3195294905-4256863455 + templateRef: appstudioxlarge-viewer-3195294905-3768244154 status: {} diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml new file mode 100644 index 00000000000..d13c8ff1314 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml @@ -0,0 +1,268 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-admin-3195294905-1611646139 + namespace: toolchain-host-operator +spec: + revision: 3195294905-1611646139 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: admin diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml new file mode 100644 index 00000000000..12f25eb5b25 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml @@ -0,0 +1,172 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-contributor-3195294905-3265408548 + namespace: toolchain-host-operator +spec: + revision: 3195294905-3265408548 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: contributor diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml new file mode 100644 index 00000000000..393b0966c86 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml @@ -0,0 +1,190 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-maintainer-3195294905-1881194462 + namespace: toolchain-host-operator +spec: + revision: 3195294905-1881194462 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: maintainer diff --git a/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml new file mode 100644 index 00000000000..793583902c7 --- /dev/null +++ b/components/sandbox/tiers/production/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml @@ -0,0 +1,171 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-viewer-3195294905-3768244154 + namespace: toolchain-host-operator +spec: + revision: 3195294905-3768244154 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: viewer diff --git a/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml b/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml index 9b4ea445294..80d1efe6f5e 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_admin.yaml @@ -103,19 +103,6 @@ objects: - update - patch - delete - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - apiGroups: - "" resources: diff --git a/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml b/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml index 2fa7ceb3642..35ac2662e57 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_contributor.yaml @@ -104,15 +104,6 @@ objects: - get - list - watch - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - apiGroups: - '' resources: diff --git a/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml b/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml index 834171e7075..63b349fb833 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_maintainer.yaml @@ -119,18 +119,6 @@ objects: - update - patch - delete - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - - create - - update - - patch - apiGroups: - '' resources: diff --git a/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml b/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml index a308ef745f4..5c2d23e2715 100644 --- a/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml +++ b/components/sandbox/tiers/src/appstudio/spacerole_viewer.yaml @@ -103,15 +103,6 @@ objects: - get - list - watch - - apiGroups: - - jvmbuildservice.io - resources: - - jbsconfigs - - artifactbuilds - verbs: - - get - - list - - watch - apiGroups: - '' resources: diff --git a/components/sandbox/tiers/staging/appstudio/kustomization.yaml b/components/sandbox/tiers/staging/appstudio/kustomization.yaml index 111b80d9b2f..158fbf4ef8e 100644 --- a/components/sandbox/tiers/staging/appstudio/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudio/kustomization.yaml @@ -6,6 +6,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - nstemplatetier-appstudio.yaml +- tiertemplate-appstudio-admin-1611646139-1611646139.yaml - tiertemplate-appstudio-admin-1876853981-1876853981.yaml - tiertemplate-appstudio-admin-2415879015-2415879015.yaml - tiertemplate-appstudio-admin-849337768-849337768.yaml @@ -13,7 +14,9 @@ resources: - tiertemplate-appstudio-clusterresources-593233715-593233715.yaml - tiertemplate-appstudio-clusterresources-809836689-809836689.yaml - tiertemplate-appstudio-contributor-1817914940-1817914940.yaml +- tiertemplate-appstudio-contributor-3265408548-3265408548.yaml - tiertemplate-appstudio-contributor-829105171-829105171.yaml +- tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml - tiertemplate-appstudio-maintainer-1904354742-1904354742.yaml - tiertemplate-appstudio-maintainer-293087644-293087644.yaml - tiertemplate-appstudio-maintainer-341231795-341231795.yaml @@ -27,5 +30,6 @@ resources: - tiertemplate-appstudio-tenant-3815075241-3815075241.yaml - tiertemplate-appstudio-tenant-4121561789-4121561789.yaml - tiertemplate-appstudio-tenant-649666048-649666048.yaml +- tiertemplate-appstudio-viewer-3768244154-3768244154.yaml - tiertemplate-appstudio-viewer-4059797645-4059797645.yaml - tiertemplate-appstudio-viewer-4256863455-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml b/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml index b959a211bf8..a7934f9254a 100644 --- a/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml +++ b/components/sandbox/tiers/staging/appstudio/nstemplatetier-appstudio.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudio-tenant-3054647054-3054647054 spaceRoles: admin: - templateRef: appstudio-admin-849337768-849337768 + templateRef: appstudio-admin-1611646139-1611646139 contributor: - templateRef: appstudio-contributor-829105171-829105171 + templateRef: appstudio-contributor-3265408548-3265408548 maintainer: - templateRef: appstudio-maintainer-341231795-341231795 + templateRef: appstudio-maintainer-1881194462-1881194462 viewer: - templateRef: appstudio-viewer-4256863455-4256863455 + templateRef: appstudio-viewer-3768244154-3768244154 status: {} diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml new file mode 100644 index 00000000000..87d2c42b649 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-admin-1611646139-1611646139.yaml @@ -0,0 +1,268 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-admin-1611646139-1611646139 + namespace: toolchain-host-operator +spec: + revision: 1611646139-1611646139 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: admin diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml new file mode 100644 index 00000000000..69e18fb6e45 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-contributor-3265408548-3265408548.yaml @@ -0,0 +1,172 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-contributor-3265408548-3265408548 + namespace: toolchain-host-operator +spec: + revision: 3265408548-3265408548 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: contributor diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml new file mode 100644 index 00000000000..d9c717e2232 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-maintainer-1881194462-1881194462.yaml @@ -0,0 +1,190 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-maintainer-1881194462-1881194462 + namespace: toolchain-host-operator +spec: + revision: 1881194462-1881194462 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml new file mode 100644 index 00000000000..5ea59796fda --- /dev/null +++ b/components/sandbox/tiers/staging/appstudio/tiertemplate-appstudio-viewer-3768244154-3768244154.yaml @@ -0,0 +1,171 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudio-viewer-3768244154-3768244154 + namespace: toolchain-host-operator +spec: + revision: 3768244154-3768244154 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudio + type: viewer diff --git a/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml b/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml index 54cae714baa..227e5476495 100644 --- a/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudiolarge/kustomization.yaml @@ -12,6 +12,7 @@ resources: - tiertemplate-appstudiolarge-admin-1893065526-849337768.yaml - tiertemplate-appstudiolarge-admin-1929014883-1876853981.yaml - tiertemplate-appstudiolarge-admin-1929014883-849337768.yaml +- tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml - tiertemplate-appstudiolarge-admin-2084392855-849337768.yaml - tiertemplate-appstudiolarge-admin-3738936794-849337768.yaml - tiertemplate-appstudiolarge-admin-3971529334-849337768.yaml @@ -29,6 +30,7 @@ resources: - tiertemplate-appstudiolarge-contributor-1893065526-829105171.yaml - tiertemplate-appstudiolarge-contributor-1929014883-1817914940.yaml - tiertemplate-appstudiolarge-contributor-1929014883-829105171.yaml +- tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml - tiertemplate-appstudiolarge-contributor-2084392855-829105171.yaml - tiertemplate-appstudiolarge-contributor-3738936794-829105171.yaml - tiertemplate-appstudiolarge-contributor-3971529334-829105171.yaml @@ -39,6 +41,7 @@ resources: - tiertemplate-appstudiolarge-maintainer-1893065526-474752551.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-1904354742.yaml - tiertemplate-appstudiolarge-maintainer-1929014883-293087644.yaml +- tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml - tiertemplate-appstudiolarge-maintainer-2084392855-341231795.yaml - tiertemplate-appstudiolarge-maintainer-3738936794-341231795.yaml - tiertemplate-appstudiolarge-maintainer-3971529334-474752551.yaml @@ -61,6 +64,7 @@ resources: - tiertemplate-appstudiolarge-viewer-1893065526-4256863455.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4059797645.yaml - tiertemplate-appstudiolarge-viewer-1929014883-4256863455.yaml +- tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml - tiertemplate-appstudiolarge-viewer-2084392855-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3738936794-4256863455.yaml - tiertemplate-appstudiolarge-viewer-3971529334-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml b/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml index e44ca343926..decdf138023 100644 --- a/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml +++ b/components/sandbox/tiers/staging/appstudiolarge/nstemplatetier-appstudiolarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudiolarge-tenant-2084392855-3054647054 spaceRoles: admin: - templateRef: appstudiolarge-admin-2084392855-849337768 + templateRef: appstudiolarge-admin-2084392855-1611646139 contributor: - templateRef: appstudiolarge-contributor-2084392855-829105171 + templateRef: appstudiolarge-contributor-2084392855-3265408548 maintainer: - templateRef: appstudiolarge-maintainer-2084392855-341231795 + templateRef: appstudiolarge-maintainer-2084392855-1881194462 viewer: - templateRef: appstudiolarge-viewer-2084392855-4256863455 + templateRef: appstudiolarge-viewer-2084392855-3768244154 status: {} diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml new file mode 100644 index 00000000000..de2cb662f8e --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-admin-2084392855-1611646139.yaml @@ -0,0 +1,268 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-admin-2084392855-1611646139 + namespace: toolchain-host-operator +spec: + revision: 2084392855-1611646139 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: admin diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml new file mode 100644 index 00000000000..f25ea345e7b --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-contributor-2084392855-3265408548.yaml @@ -0,0 +1,172 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-contributor-2084392855-3265408548 + namespace: toolchain-host-operator +spec: + revision: 2084392855-3265408548 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: contributor diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml new file mode 100644 index 00000000000..d7ebd8d5fc6 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-maintainer-2084392855-1881194462.yaml @@ -0,0 +1,190 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-maintainer-2084392855-1881194462 + namespace: toolchain-host-operator +spec: + revision: 2084392855-1881194462 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml new file mode 100644 index 00000000000..e089e50eb8b --- /dev/null +++ b/components/sandbox/tiers/staging/appstudiolarge/tiertemplate-appstudiolarge-viewer-2084392855-3768244154.yaml @@ -0,0 +1,171 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudiolarge-viewer-2084392855-3768244154 + namespace: toolchain-host-operator +spec: + revision: 2084392855-3768244154 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudiolarge + type: viewer diff --git a/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml b/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml index d94ed0c53c0..5bbddd8e84e 100644 --- a/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml +++ b/components/sandbox/tiers/staging/appstudioxlarge/kustomization.yaml @@ -9,6 +9,7 @@ resources: - tiertemplate-appstudioxlarge-admin-1579464439-849337768.yaml - tiertemplate-appstudioxlarge-admin-1655178728-849337768.yaml - tiertemplate-appstudioxlarge-admin-2011494876-849337768.yaml +- tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml - tiertemplate-appstudioxlarge-admin-3195294905-849337768.yaml - tiertemplate-appstudioxlarge-admin-380792096-849337768.yaml - tiertemplate-appstudioxlarge-admin-409719430-849337768.yaml @@ -25,6 +26,7 @@ resources: - tiertemplate-appstudioxlarge-contributor-1579464439-829105171.yaml - tiertemplate-appstudioxlarge-contributor-1655178728-829105171.yaml - tiertemplate-appstudioxlarge-contributor-2011494876-829105171.yaml +- tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml - tiertemplate-appstudioxlarge-contributor-3195294905-829105171.yaml - tiertemplate-appstudioxlarge-contributor-380792096-829105171.yaml - tiertemplate-appstudioxlarge-contributor-409719430-829105171.yaml @@ -34,6 +36,7 @@ resources: - tiertemplate-appstudioxlarge-maintainer-1655178728-474752551.yaml - tiertemplate-appstudioxlarge-maintainer-2011494876-341231795.yaml - tiertemplate-appstudioxlarge-maintainer-2011494876-474752551.yaml +- tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml - tiertemplate-appstudioxlarge-maintainer-3195294905-341231795.yaml - tiertemplate-appstudioxlarge-maintainer-380792096-341231795.yaml - tiertemplate-appstudioxlarge-maintainer-409719430-474752551.yaml @@ -52,6 +55,7 @@ resources: - tiertemplate-appstudioxlarge-viewer-1579464439-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-1655178728-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-2011494876-4256863455.yaml +- tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml - tiertemplate-appstudioxlarge-viewer-3195294905-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-380792096-4256863455.yaml - tiertemplate-appstudioxlarge-viewer-409719430-4256863455.yaml diff --git a/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml b/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml index c777b5b6e58..638eec9651f 100644 --- a/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml +++ b/components/sandbox/tiers/staging/appstudioxlarge/nstemplatetier-appstudioxlarge.yaml @@ -14,11 +14,11 @@ spec: - templateRef: appstudioxlarge-tenant-3195294905-3054647054 spaceRoles: admin: - templateRef: appstudioxlarge-admin-3195294905-849337768 + templateRef: appstudioxlarge-admin-3195294905-1611646139 contributor: - templateRef: appstudioxlarge-contributor-3195294905-829105171 + templateRef: appstudioxlarge-contributor-3195294905-3265408548 maintainer: - templateRef: appstudioxlarge-maintainer-3195294905-341231795 + templateRef: appstudioxlarge-maintainer-3195294905-1881194462 viewer: - templateRef: appstudioxlarge-viewer-3195294905-4256863455 + templateRef: appstudioxlarge-viewer-3195294905-3768244154 status: {} diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml new file mode 100644 index 00000000000..d13c8ff1314 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-admin-3195294905-1611646139.yaml @@ -0,0 +1,268 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-admin-3195294905-1611646139 + namespace: toolchain-host-operator +spec: + revision: 3195294905-1611646139 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-admin-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + - integrationtestscenarios + - releases + - releasestrategies + - releaseplans + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - appstudio-pipeline + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - toolchain.dev.openshift.com + resources: + - spacebindingrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - external-secrets.io + resources: + - secretstores + - externalsecrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-admin-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-admin-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: admin diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml new file mode 100644 index 00000000000..12f25eb5b25 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-contributor-3195294905-3265408548.yaml @@ -0,0 +1,172 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-contributor-3195294905-3265408548 + namespace: toolchain-host-operator +spec: + revision: 3195294905-3265408548 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-contributor-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-contributor-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-contributor-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: contributor diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml new file mode 100644 index 00000000000..393b0966c86 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-maintainer-3195294905-1881194462.yaml @@ -0,0 +1,190 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-maintainer-3195294905-1881194462 + namespace: toolchain-host-operator +spec: + revision: 3195294905-1881194462 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-maintainer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - imagerepositories + - componentdetectionqueries + - snapshots + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-maintainer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-maintainer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: maintainer diff --git a/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml new file mode 100644 index 00000000000..793583902c7 --- /dev/null +++ b/components/sandbox/tiers/staging/appstudioxlarge/tiertemplate-appstudioxlarge-viewer-3195294905-3768244154.yaml @@ -0,0 +1,171 @@ +# ---------------------------------------------------------------- +# Generated by cli - DO NOT EDIT +# ---------------------------------------------------------------- + +apiVersion: toolchain.dev.openshift.com/v1alpha1 +kind: TierTemplate +metadata: + name: appstudioxlarge-viewer-3195294905-3768244154 + namespace: toolchain-host-operator +spec: + revision: 3195294905-3768244154 + template: + apiVersion: template.openshift.io/v1 + kind: Template + metadata: {} + objects: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: appstudio-viewer-user-actions + namespace: ${NAMESPACE} + rules: + - apiGroups: + - appstudio.redhat.com + resources: + - applications + - components + - componentdetectionqueries + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - promotionruns + - snapshotenvironmentbindings + - snapshots + - environments + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - deploymenttargets + - deploymenttargetclaims + verbs: + - get + - list + - watch + - apiGroups: + - managed-gitops.redhat.com + resources: + - gitopsdeployments + - gitopsdeploymentmanagedenvironments + - gitopsdeploymentrepositorycredentials + - gitopsdeploymentsyncruns + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - apiGroups: + - results.tekton.dev + resources: + - results + - records + - logs + verbs: + - get + - list + - apiGroups: + - appstudio.redhat.com + resources: + - integrationtestscenarios + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - enterprisecontractpolicies + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releases + - releasestrategies + - releaseplans + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - releaseplanadmissions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - appstudio.redhat.com + resources: + - buildpipelineselectors + verbs: + - get + - list + - watch + - apiGroups: + - projctl.konflux.dev + resources: + - projects + - projectdevelopmentstreams + - projectdevelopmentstreamtemplates + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-viewer-${USERNAME}-actions-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appstudio-viewer-user-actions + subjects: + - kind: User + name: ${USERNAME} + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: appstudio-${USERNAME}-view-user + namespace: ${NAMESPACE} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view + subjects: + - kind: User + name: ${USERNAME} + parameters: + - name: NAMESPACE + required: true + - name: USERNAME + required: true + tierName: appstudioxlarge + type: viewer