From a1a0d67dc058dbe3dab9343a3b9c058d28a770ad Mon Sep 17 00:00:00 2001
From: Shivam Mukhade <smukhade@redhat.com>
Date: Mon, 23 Aug 2021 12:22:55 +0530
Subject: [PATCH] [OpenShift] Fixes rbac for Operator service account

Operator's service account cannot create rolebinding from clusterrole
which has roles it doesn't posses for which it requires `bind` verb.
and to create clusteroles it requires `escalate` verb if roles mentioned
in clusterrole are not possesed by it.

Signed-off-by: Shivam Mukhade <smukhade@redhat.com>
---
 config/openshift/role.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/openshift/role.yaml b/config/openshift/role.yaml
index 1f69273015..cfe194e42e 100644
--- a/config/openshift/role.yaml
+++ b/config/openshift/role.yaml
@@ -103,6 +103,8 @@ rules:
   - list
   - update
   - watch
+  - bind
+  - escalate
 - apiGroups:
   - ""
   resources: