From 465c42704294e57072c2c48054627740e7309557 Mon Sep 17 00:00:00 2001
From: Daniel Fan <fanyuchensx@gmail.com>
Date: Fri, 15 Nov 2024 14:01:16 -0500
Subject: [PATCH] add related permission for MongoDB cleanup in post DB
 migration (#2305)

Signed-off-by: Daniel Fan <fanyuchensx@gmail.com>
---
 .../common/nss-managed-bedrock-core-role.yaml | 129 ++++++++++++++----
 1 file changed, 101 insertions(+), 28 deletions(-)

diff --git a/cp3pt0-deployment/common/nss-managed-bedrock-core-role.yaml b/cp3pt0-deployment/common/nss-managed-bedrock-core-role.yaml
index 8412dcbaa..36d09462d 100644
--- a/cp3pt0-deployment/common/nss-managed-bedrock-core-role.yaml
+++ b/cp3pt0-deployment/common/nss-managed-bedrock-core-role.yaml
@@ -849,34 +849,6 @@ rules:
       - policy
     resources:
       - poddisruptionbudgets
-  - verbs:
-      - create
-      - delete
-      - watch
-      - get
-      - list
-      - patch
-      - update
-    apiGroups:
-      - oidc.security.ibm.com
-    resources:
-      - clients
-      - clients/finalizers
-      - clients/status
-  - verbs:
-      - create
-      - delete
-      - watch
-      - get
-      - list
-      - patch
-      - update
-    apiGroups:
-      - ''
-    resources:
-      - secrets
-      - services
-      - endpoints
   - verbs:
       - get
       - list
@@ -1113,6 +1085,107 @@ rules:
       - zen.cpd.ibm.com
     resources:
       - zenextensions
+  - verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+    apiGroups:
+      - ''
+    resources:
+      - pods
+      - services
+      - services/finalizers
+      - serviceaccounts
+      - endpoints
+      - persistentvolumeclaims
+      - events
+      - configmaps
+      - secrets
+  - verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+    apiGroups:
+      - apps
+    resources:
+      - deployments
+      - daemonsets
+      - replicasets
+      - statefulsets
+  - verbs:
+      - get
+      - create
+    apiGroups:
+      - monitoring.coreos.com
+    resources:
+      - servicemonitors
+  - verbs:
+      - update
+    apiGroups:
+      - apps
+    resources:
+      - deployments/finalizers
+    resourceNames:
+      - ibm-mongodb-operator
+  - verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+    apiGroups:
+      - operator.ibm.com
+    resources:
+      - mongodbs
+      - mongodbs/finalizers
+      - mongodbs/status
+  - verbs:
+      - delete
+      - get
+      - list
+      - watch
+    apiGroups:
+      - certmanager.k8s.io
+    resources:
+      - certificates
+      - certificaterequests
+      - orders
+      - challenges
+      - issuers
+  - verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+    apiGroups:
+      - cert-manager.io
+    resources:
+      - certificates
+      - certificaterequests
+      - orders
+      - challenges
+      - issuers
+  - verbs:
+      - delete
+      - get
+      - list
+    apiGroups:
+      - operator.ibm.com
+    resources:
+      - operandrequests
   - verbs:
       - create
       - get