From 5fba9542032a5d8ca574229d22039b9a13e99a6f Mon Sep 17 00:00:00 2001
From: CBSWorkshop <mikhailkuzmenko@workshop.cb-sa.io>
Date: Mon, 13 Mar 2023 20:11:30 +0000
Subject: [PATCH] adding rbac updates for rbac lab

---
 bundle/bundle.yaml |  4 +++-
 bundle/rbac.yaml   | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 bundle/rbac.yaml

diff --git a/bundle/bundle.yaml b/bundle/bundle.yaml
index 5cee6bc..4ad74b9 100644
--- a/bundle/bundle.yaml
+++ b/bundle/bundle.yaml
@@ -1,6 +1,8 @@
 apiVersion: "1"
-version: "1"
+version: "2"
 id: "CBSWorkshop-dev-controller"
 description: "CloudBees CI configuration bundle for the CBSWorkshop dev-controller Controller"
 availabilityPattern: "cloudbees-ci-casc-workshop/cbsworkshop/dev-controller"
 parent: "base"
+rbac:
+  - "rbac.yaml"
diff --git a/bundle/rbac.yaml b/bundle/rbac.yaml
new file mode 100644
index 0000000..65433dd
--- /dev/null
+++ b/bundle/rbac.yaml
@@ -0,0 +1,39 @@
+removeStrategy:
+  rbac: SYNC
+roles:
+- name: authenticated
+  filterable: 'true'
+  permissions:
+  - hudson.model.Hudson.Read
+  - hudson.model.Item.Read
+  - hudson.model.View.Read
+- name: administrator
+  permissions:
+  - hudson.model.Hudson.Administer
+- name: manager
+  filterable: 'true'
+  permissions:
+  - hudson.model.Hudson.SystemRead
+  - hudson.model.Hudson.Manage
+  - com.cloudbees.plugins.credentials.CredentialsProvider.View
+  - com.cloudbees.pipeline.governance.templates.catalog.TemplateCatalogAction.ViewCatalogs
+  - com.cloudbees.jenkins.plugin.metrics.views.Alerter.View
+  - nectar.plugins.rbac.groups.Group.View
+  - nectar.plugins.rbac.roles.Role.View
+groups:
+- name: controller-admins
+  members:
+    users:
+    - admin
+    - team-admin
+    - "mikhailkuzmenko-admin"
+  roles:
+  - name: administrator
+    grantedAt: current
+- name: controller-managers
+  members:
+    users:
+    - "mikhailkuzmenko"
+  roles:
+  - name: manager
+    grantedAt: current