From f990f4fa68784d3d006975f821ccac7678f74937 Mon Sep 17 00:00:00 2001
From: ShutingZhao <shuting@nirmata.com>
Date: Wed, 4 Sep 2024 17:29:08 +0800
Subject: [PATCH] fix: aggregate clusterrole to admission controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>
---
 .../cpol-data-trigger-not-present/permissions.yaml         | 7 +++++++
 .../policy/target-namespace-scope/permissions.yaml         | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml
index 29f373c3a80d..2518b4d0e513 100644
--- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml
@@ -18,3 +18,10 @@ rules:
   - create
   - update
   - delete
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - get
+  - list
diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/permissions.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/permissions.yaml
index bd3068a64547..d4a08cd5fad2 100644
--- a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/permissions.yaml
+++ b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/permissions.yaml
@@ -15,4 +15,11 @@ rules:
   - create
   - update
   - delete
+  - get
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - list
   - get
\ No newline at end of file