From 43de72cab473af32ca91131827ae47da383affb4 Mon Sep 17 00:00:00 2001
From: friedrich goerz
Date: Fri, 13 Jan 2023 18:51:13 +0100
Subject: [PATCH] DEV-796: doing argocd RBAC stuff
---
 clusterspecifics/appprojects/mobene.yaml | 25 ++++++++++++++++++++++++
 values.yaml | 3 ---
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/clusterspecifics/appprojects/mobene.yaml b/clusterspecifics/appprojects/mobene.yaml
index 0ef5d3b..dd2afeb 100644
--- a/clusterspecifics/appprojects/mobene.yaml
+++ b/clusterspecifics/appprojects/mobene.yaml
@@ -34,3 +34,28 @@ spec:
 server: https://kubernetes.default.svc
 - namespace: mobene-keycloak
 server: https://kubernetes.default.svc
+
+ roles:
+ - description: Group to developers to deploy on DEV environment
+ groups:
+ - mobenedevs
+ name: mobene-devs
+ policies:
+ - >-
+ p, proj:mobene:mobenedevs, applications, get,
+ mobene/*, allow
+ - >-
+ p, proj:mobene:mobenedevs, applications, create,
+ mobene/*, deny
+ - >-
+ p, proj:mobene:mobenedevs, applications, update,
+ mobene/*, deny
+ - >-
+ p, proj:mobene:mobenedevs, applications, delete,
+ mobene/*, deny
+ - >-
+ p, proj:mobene:mobenedevs, applications, sync,
+ mobene/*, allow
+ - >-
+ p, proj:mobene:mobenedevs, applications, override,
+ mobene/*, deny
diff --git a/values.yaml b/values.yaml
index dd1124d..c9ac581 100644
--- a/values.yaml
+++ b/values.yaml
@@ -18,9 +18,6 @@ bootstrap:
 rbacConfig:
 policy.default: role:readonly
 policy.csv: |
- p, role:mobene-devs, projects, get, mobene, allow
- p, role:mobene-devs, applications, sync, mobene/*, allow
- p, role:mobene-devs, logs, get, mobene/*, allow
 g, admin, role:admin
 g, argocd-admins, role:admin
 g, mobenedevs, role:mobene-devs
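Review bot: The six policy lines in the new `roles` entry of clusterspecifics/appprojects/mobene.yaml use the subject `proj:mobene:mobenedevs`, but the role itself is declared as `name: mobene-devs`. Argo CD expects a project-role policy subject to be `proj:<project>:<role name>`, so these rules will most likely fail validation or never match. Either write them as `p, proj:mobene:mobene-devs, applications, sync, mobene/*, allow` (and likewise for the other five) or rename the role to match. The `logs, get` grant removed from values.yaml has no counterpart in the new role, and the `g, mobenedevs, role:mobene-devs` line that stays in `policy.csv` now binds the group to a global role with no policies. Drop that line, or say in a comment why it remains, so that a later re-use of the role name does not silently grant the group access. A comment above `policies:` saying why create/update/delete/override are denied explicitly rather than simply not granted would also help the next reviewer.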