From 941af6a6485650c06e019eab32e6bef30ebc75b6 Mon Sep 17 00:00:00 2001
From: Matheus Pimenta
Date: Sat, 3 May 2025 02:07:03 +0100
Subject: [PATCH] [RFC-0010] Add RBAC for creating service account tokens

Signed-off-by: Matheus Pimenta
---
 manifests/rbac/controller.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/manifests/rbac/controller.yaml b/manifests/rbac/controller.yaml
index b059891f..9f5e18eb 100644
--- a/manifests/rbac/controller.yaml
+++ b/manifests/rbac/controller.yaml
@@ -69,6 +69,13 @@ rules:
 - update
 - patch
 - delete
+# required for object-level workload identity
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
 # required for flow control
 - nonResourceURLs:
 - /livez/ping
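Review bot: The new rule grants `create` on `serviceaccounts/token` with no `resourceNames` or namespace limit visible in the hunk, so wherever this role is bound the controller can request a token for any ServiceAccount in scope, including ones more privileged than the controller itself. The one-line comment does not tell an operator that; I would expand it to something like `# required for object-level workload identity (RFC-0010): allows minting tokens for any ServiceAccount in scope of the binding; narrow with namespaced RoleBindings or resourceNames in multi-tenant clusters`. Whether the role is bound cluster-wide cannot be seen here, because the rules list and the role's kind start above the hunk. The accompanying docs should also tell operators to watch TokenRequest creations made by the controller's identity in the API server audit log, since that is where misuse of this permission would show up.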