apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-admin: "true"
  name: konflux-admin-user-actions-batch
rules:
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-admin: "true"
  name: konflux-admin-user-actions-core
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications
  - components
  - imagerepositories
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
  - deletecollection
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - tekton.dev
  resources:
  - taskruns
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - tekton.dev
  resources:
  - pipelineruns
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - results.tekton.dev
  resources:
  - results
  - records
  - logs
  verbs:
  - get
  - list
- apiGroups:
  - appstudio.redhat.com
  resources:
  - enterprisecontractpolicies
  - integrationtestscenarios
  - releases
  - releaseplans
  - releaseplanadmissions
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  - rolebindings
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - serviceaccounts/token
  verbs:
  - create
- apiGroups:
  - pipelinesascode.tekton.dev
  resources:
  - repositories
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-admin: "true"
  name: konflux-admin-user-actions-extra
rules:
- apiGroups:
  - projctl.konflux.dev
  resources:
  - projects
  - projectdevelopmentstreams
  - projectdevelopmentstreamtemplates
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-contributor: "true"
  name: konflux-contributor-user-actions-core
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications
  - components
  - imagerepositories
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - tekton.dev
  resources:
  - pipelineruns
  - taskruns
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - results.tekton.dev
  resources:
  - results
  - records
  - logs
  verbs:
  - get
  - list
- apiGroups:
  - appstudio.redhat.com
  resources:
  - integrationtestscenarios
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - enterprisecontractpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases
  - releaseplans
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - pods/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-contributor: "true"
  name: konflux-contributor-user-actions-extra
rules:
- apiGroups:
  - projctl.konflux.dev
  resources:
  - projects
  - projectdevelopmentstreams
  - projectdevelopmentstreamtemplates
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-maintainer: "true"
  name: konflux-maintainer-user-actions-core
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications
  - components
  - imagerepositories
  - snapshots
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
- apiGroups:
  - tekton.dev
  resources:
  - pipelineruns
  - taskruns
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - results.tekton.dev
  resources:
  - results
  - records
  - logs
  verbs:
  - get
  - list
- apiGroups:
  - appstudio.redhat.com
  resources:
  - integrationtestscenarios
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - appstudio.redhat.com
  resources:
  - enterprisecontractpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases
  - releaseplans
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - pods/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-maintainer: "true"
  name: konflux-maintainer-user-actions-extra
rules:
- apiGroups:
  - projctl.konflux.dev
  resources:
  - projects
  - projectdevelopmentstreams
  - projectdevelopmentstreamtemplates
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: konflux-self-access-reviewer
rules:
- apiGroups:
  - authorization.k8s.io
  resources:
  - selfsubjectaccessreviews
  verbs:
  - create
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-viewer: "true"
  name: konflux-viewer-user-actions-core
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications
  - components
  - imagerepositories
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - tekton.dev
  resources:
  - pipelineruns
  - taskruns
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - results.tekton.dev
  resources:
  - results
  - records
  - logs
  verbs:
  - get
  - list
- apiGroups:
  - appstudio.redhat.com
  resources:
  - integrationtestscenarios
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - enterprisecontractpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases
  - releaseplans
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - pods/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.konflux-ci.dev/aggregate-to-viewer: "true"
  name: konflux-viewer-user-actions-extra
rules:
- apiGroups:
  - projctl.konflux.dev
  resources:
  - projects
  - projectdevelopmentstreams
  - projectdevelopmentstreamtemplates
  verbs:
  - get
  - list
  - watch