From 249e461040847a051dce426a2dc1d81138b6010b Mon Sep 17 00:00:00 2001
From: IronPan <yangpa@google.com>
Date: Wed, 28 Aug 2019 11:35:41 -0700
Subject: [PATCH] Add CRD admin permission to deployer SA

This is following the instruction here
https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/schema.md#deployerserviceaccount
---
 manifests/gcp_marketplace/schema.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/manifests/gcp_marketplace/schema.yaml b/manifests/gcp_marketplace/schema.yaml
index c7a5f758b6b..6add3b1f2a4 100644
--- a/manifests/gcp_marketplace/schema.yaml
+++ b/manifests/gcp_marketplace/schema.yaml
@@ -94,5 +94,11 @@ x-google-marketplace:
   deployerServiceAccount:
     roles:
       - type: ClusterRole        # This is a cluster-wide ClusterRole
+        rulesType: CUSTOM        # We specify our own custom RBAC roles
+        rules:
+          - apiGroups: ['apiextensions.k8s.io']
+            resources: ['customresourcedefinitions']
+            verbs: ['*']
+      - type: Role               # This is a namespaced Role
         rulesType: PREDEFINED
-        rulesFromRoleName: edit  # Use predefined role named "edit"
\ No newline at end of file
+        rulesFromRoleName: edit  # Use predefined role named "edit"