steve/pkg/ext/testdata/rbac.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-only
rules:
- apiGroups: ["ext.cattle.io"]
  verbs: ["list", "get", "watch"]
  resources: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-write
rules:
- apiGroups: ["ext.cattle.io"]
  verbs: ["list", "get", "watch", "create", "update", "patch", "delete"]
  resources: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: update-not-create
rules:
- apiGroups: ["ext.cattle.io"]
  verbs: ["list", "get", "watch", "update"]
  resources: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: all
rules:
- apiGroups: ["ext.cattle.io"]
  verbs: ["*"]
  resources: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: other
rules:
- apiGroups: ["management.cattle.io"]
  verbs: ["*"]
  resources: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-only
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: read-only
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-write
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-write
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: read-write
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: update-not-create
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: update-not-create
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: update-not-create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: all
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: all
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: all
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: other
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: other
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: other
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-error
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-only
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: read-only-error