From 0917a228aa1e55a8dd29df7b178669f25d61803f Mon Sep 17 00:00:00 2001
From: bee-ci-2 <beedemo-dev@workshop.cb-sa.io>
Date: Wed, 25 Jan 2023 16:17:13 +0000
Subject: [PATCH] adding rbac updates for rbac lab

---
 bundle/bundle.yaml |  4 +++-
 bundle/rbac.yaml   | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 bundle/rbac.yaml

diff --git a/bundle/bundle.yaml b/bundle/bundle.yaml
index 451b85e..e4ce0ce 100644
--- a/bundle/bundle.yaml
+++ b/bundle/bundle.yaml
@@ -1,6 +1,8 @@
 apiVersion: "1"
-version: "1"
+version: "2"
 id: "bee-ci-2-dev-controller"
 description: "CloudBees CI configuration bundle for the bee-ci-2 dev-controller Controller"
 availabilityPattern: "cloudbees-ci-casc-workshop/bee-ci-2/dev-controller"
 parent: "base"
+rbac:
+  - "rbac.yaml"
diff --git a/bundle/rbac.yaml b/bundle/rbac.yaml
new file mode 100644
index 0000000..a1aa8d8
--- /dev/null
+++ b/bundle/rbac.yaml
@@ -0,0 +1,39 @@
+removeStrategy:
+  rbac: SYNC
+roles:
+- name: authenticated
+  filterable: 'true'
+  permissions:
+  - hudson.model.Hudson.Read
+  - hudson.model.Item.Read
+  - hudson.model.View.Read
+- name: administrator
+  permissions:
+  - hudson.model.Hudson.Administer
+- name: manager
+  filterable: 'true'
+  permissions:
+  - hudson.model.Hudson.SystemRead
+  - hudson.model.Hudson.Manage
+  - com.cloudbees.plugins.credentials.CredentialsProvider.View
+  - com.cloudbees.pipeline.governance.templates.catalog.TemplateCatalogAction.ViewCatalogs
+  - com.cloudbees.jenkins.plugin.metrics.views.Alerter.View
+  - nectar.plugins.rbac.groups.Group.View
+  - nectar.plugins.rbac.roles.Role.View
+groups:
+- name: controller-admins
+  members:
+    users:
+    - admin
+    - team-admin
+    - "beedemo-dev-admin"
+  roles:
+  - name: administrator
+    grantedAt: current
+- name: controller-managers
+  members:
+    users:
+    - "beedemo-dev"
+  roles:
+  - name: manager
+    grantedAt: current