apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: inventory-role
  namespace: hackerspace
rules:
  - verbs:
      - get
      - list
      - watch
    apiGroups:
      - codemowers.cloud
    resources:
      - oidcusers
      - oidcusers/status
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: inventory-roles
  namespace: hackerspace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: inventory-role
subjects:
  - kind: ServiceAccount
    name: inventory-svcacc
    namespace: hackerspace
---
# used by inventory and doorboy
apiVersion: v1
kind: ServiceAccount
metadata:
  name: inventory-svcacc