From 03d8b00e4135479d2172ce742a45c5f4b658e1e2 Mon Sep 17 00:00:00 2001
From: ytimocin <ytimocin@microsoft.com>
Date: Sun, 24 Nov 2024 08:28:59 -0800
Subject: [PATCH] Changing permissions of UCP - removing unused permissions

Signed-off-by: ytimocin <ytimocin@microsoft.com>
---
 deploy/Chart/templates/ucp/rbac.yaml | 57 ++++++++++------------------
 1 file changed, 19 insertions(+), 38 deletions(-)

diff --git a/deploy/Chart/templates/ucp/rbac.yaml b/deploy/Chart/templates/ucp/rbac.yaml
index e41c1d6fe83..249414b607e 100644
--- a/deploy/Chart/templates/ucp/rbac.yaml
+++ b/deploy/Chart/templates/ucp/rbac.yaml
@@ -7,51 +7,32 @@ metadata:
     app.kubernetes.io/part-of: radius
 rules:
 - apiGroups:
-  - ""
+    - ""
   resources:
-  - configmaps
-  - secrets
-  - services
+    - secrets
   verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
+    - create
+    - delete
+    - get
+    - update
+
 - apiGroups:
-  - apps
+    - ucp.dev
   resources:
-  - deployments
-  - statefulsets
+    - resources
   verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
+    - create
+    - delete
+    - get
+    - list
+    - update
+
 - apiGroups:
-  - ucp.dev
+    - ucp.dev
   resources:
-  - resources
-  - queuemessages
+    - queuemessages
   verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - api.ucp.dev
-  resources:
-  - '*'
-  verbs:
-  - '*'
+    - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -67,4 +48,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: ucp
-  namespace: {{ .Release.Namespace }}
\ No newline at end of file
+  namespace: {{ .Release.Namespace }}