From 3d0b5cd21979efd2ddb89709ed35b0f9d8b2755f Mon Sep 17 00:00:00 2001
From: Jian Zhu <36154065+zhujian7@users.noreply.github.com>
Date: Thu, 15 Sep 2022 09:16:53 +0800
Subject: [PATCH] Allow work agent to create subjectaccessreviews (#273)

Signed-off-by: zhujian <jiazhu@redhat.com>

Signed-off-by: zhujian <jiazhu@redhat.com>
---
 manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml b/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml
index 7eab35751..8b48cc7c8 100644
--- a/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml
+++ b/manifests/klusterlet/managed/klusterlet-work-clusterrole.yaml
@@ -15,3 +15,7 @@ rules:
 - apiGroups: ["work.open-cluster-management.io"]
   resources: ["appliedmanifestworks/finalizers"]
   verbs: ["update"]
+# Allow agent to create subjectaccessreviews
+- apiGroups: ["authorization.k8s.io"]
+  resources: ["subjectaccessreviews"]
+  verbs: ["create"]