---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: external-secrets
    app.kubernetes.io/name: external-secrets
    app.kubernetes.io/version: v0.15.1
  name: external-secrets-controller
rules:
  - apiGroups:
      - external-secrets.io
    resources:
      - secretstores
      - clustersecretstores
      - externalsecrets
      - clusterexternalsecrets
      - pushsecrets
      - clusterpushsecrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - external-secrets.io
    resources:
      - externalsecrets
      - externalsecrets/status
      - externalsecrets/finalizers
      - secretstores
      - secretstores/status
      - secretstores/finalizers
      - clustersecretstores
      - clustersecretstores/status
      - clustersecretstores/finalizers
      - clusterexternalsecrets
      - clusterexternalsecrets/status
      - clusterexternalsecrets/finalizers
      - pushsecrets
      - pushsecrets/status
      - pushsecrets/finalizers
      - clusterpushsecrets
      - clusterpushsecrets/status
      - clusterpushsecrets/finalizers
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - generators.external-secrets.io
    resources:
      - generatorstates
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
      - deletecollection
  - apiGroups:
      - generators.external-secrets.io
    resources:
      - acraccesstokens
      - clustergenerators
      - ecrauthorizationtokens
      - fakes
      - gcraccesstokens
      - githubaccesstokens
      - quayaccesstokens
      - passwords
      - stssessiontokens
      - uuids
      - vaultdynamicsecrets
      - webhooks
      - grafanas
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
      - patch
  - apiGroups:
      - ""
    resources:
      - serviceaccounts/token
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - external-secrets.io
    resources:
      - externalsecrets
    verbs:
      - create
      - update
      - delete
  - apiGroups:
      - external-secrets.io
    resources:
      - pushsecrets
    verbs:
      - create
      - update
      - delete