From 3b03531b977f27faa945da8baf6986f533fd9753 Mon Sep 17 00:00:00 2001
From: Shuting Zhao <shutting06@gmail.com>
Date: Fri, 10 Jul 2020 20:04:52 -0700
Subject: [PATCH] add permission to get role / clusterRole

---
 charts/kyverno/crds/crds.yaml             | 5 ++++-
 charts/kyverno/templates/clusterrole.yaml | 2 ++
 definitions/install.yaml                  | 6 ++++--
 definitions/install_debug.yaml            | 6 ++++--
 definitions/rbac/rbac.yaml                | 2 ++
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/charts/kyverno/crds/crds.yaml b/charts/kyverno/crds/crds.yaml
index 1537465fb7..f252d33cd0 100644
--- a/charts/kyverno/crds/crds.yaml
+++ b/charts/kyverno/crds/crds.yaml
@@ -230,7 +230,10 @@ spec:
                                   - NotIn
                                   type: string
                                 value:
-                                  type: string
+                                  anyOf:
+                                  - type: string
+                                  - items: {}
+                                    type: array
                               required:
                               - key
                               - operator
diff --git a/charts/kyverno/templates/clusterrole.yaml b/charts/kyverno/templates/clusterrole.yaml
index a4185b118c..68cfd204d8 100644
--- a/charts/kyverno/templates/clusterrole.yaml
+++ b/charts/kyverno/templates/clusterrole.yaml
@@ -63,6 +63,8 @@ rules:
 - apiGroups:
   - "*"
   resources:
+  - roles
+  - clusterroles
   - rolebindings
   - clusterrolebindings
   - configmaps
diff --git a/definitions/install.yaml b/definitions/install.yaml
index b04ce266da..f571fa3fad 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -237,8 +237,8 @@ spec:
                                 value:
                                   anyOf:
                                   - type: string
-                                  - type: array
-                                    items: {}
+                                  - items: {}
+                                    type: array
                               required:
                               - key
                               - operator
@@ -560,6 +560,8 @@ rules:
 - apiGroups:
   - '*'
   resources:
+  - roles
+  - clusterroles
   - rolebindings
   - clusterrolebindings
   - configmaps
diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml
index 4b3fe2b877..3db2170ea2 100644
--- a/definitions/install_debug.yaml
+++ b/definitions/install_debug.yaml
@@ -237,8 +237,8 @@ spec:
                                 value:
                                   anyOf:
                                   - type: string
-                                  - type: array
-                                    items: {}
+                                  - items: {}
+                                    type: array
                               required:
                               - key
                               - operator
@@ -560,6 +560,8 @@ rules:
 - apiGroups:
   - '*'
   resources:
+  - roles
+  - clusterroles
   - rolebindings
   - clusterrolebindings
   - configmaps
diff --git a/definitions/rbac/rbac.yaml b/definitions/rbac/rbac.yaml
index f6cb27d727..f8d0ff9fb3 100644
--- a/definitions/rbac/rbac.yaml
+++ b/definitions/rbac/rbac.yaml
@@ -153,6 +153,8 @@ rules:
 - apiGroups:
   - "*"
   resources:
+  - roles
+  - clusterroles
   - rolebindings
   - clusterrolebindings
   - configmaps