try to constrain rbac based on e2e usage

Signed-off-by: Alexander Greene <[email protected]>

Author: awgreene

manifests/0000_50_olm_01-olm-operator.serviceaccount.yaml

@@ -15,11 +15,104 @@ metadata:
     include.release.openshift.io/ibm-cloud-managed: "true"
     include.release.openshift.io/self-managed-high-availability: "true"
 rules:
-  - apiGroups: ["*"]
-    resources: ["*"]
-    verbs: ["*"]
-  - nonResourceURLs: ["*"]
-    verbs: ["*"]
+  - apiGroups:
+    - ""
+    resources:
+    - namespaces
+    - pods
+    - services
+    - pods/status
+    - configmaps
+    - secrets
+    - serviceaccounts
+    verbs:
+    - "*"
+  - apiGroups:
+    - admissionregistration.k8s.io
+    resources:
+    - mutatingwebhookconfigurations
+    - validatingwebhookconfigurations
+    verbs:
+    - "*"
+  - apiGroups:
+    - apiextensions.k8s.io
+    resources:
+    - customresourcedefinitions
+    verbs:
+    - "*"
+  - apiGroups:
+    - apiregistration.k8s.io
+    resources:
+    - apiservices
+    verbs:
+    - "*"
+  - apiGroups:
+    - apps
+    resources:
+    - deployments
+    verbs:
+    - "*"
+  - apiGroups:
+    - batch
+    resources:
+    - jobs
+    verbs:
+    "*"
+  - apiGroups:
+    - config.openshift.io
+    resources:
+    - clusteroperators
+    - infrastructures
+    - proxies
+    verbs:
+    "*"
+  - apiGroups:
+    - coordination.k8s.io
+    resourceNames:
+    - packageserver-controller-lock
+    resources:
+    - leases
+    verbs:
+    "*"
+  - apiGroups:
+    - cluster.com
+    verbs:
+    "*"
+  - apiGroups:
+    - operators.coreos.com
+    resources:
+    "*"
+    verbs:
+    "*"
+  - apiGroups:
+    - rbac.authorization.k8s.io
+    resources:
+    - clusterrolebindings
+    - clusterroles
+    - rolebindings
+    - roles
+    verbs:
+    "*"
+
+  // Test APIs ???
+  - apiGroups:
+    - example.com
+    resources:
+    - tests
+    verbs:
+    "*"
+  - apiGroups:
+    - kiali.io
+    resources:
+    - kialis
+    verbs:
+    "*"
+  - apiGroups:
+    - monitoring.kiali.io
+    resources:
+    - monitoringdashboards
+    verbs:
+    "*"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding