From 6184b73424ba15a9035d050f36d615a09552bd06 Mon Sep 17 00:00:00 2001
From: Guangning E <guangning@streamnative.io>
Date: Thu, 23 Oct 2025 20:33:23 +0800
Subject: [PATCH] Add resource and verbs

---
 .../function-worker/function-worker-role-binding.yaml       | 6 +++++-
 .../toolset/jwt-secret-init-job-service-account.yaml        | 2 +-
 .../function-worker/function-worker-role-binding.yaml       | 6 +++++-
 .../toolset/jwt-secret-init-job-service-account.yaml        | 2 +-
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/charts/sn-platform-slim/templates/function-worker/function-worker-role-binding.yaml b/charts/sn-platform-slim/templates/function-worker/function-worker-role-binding.yaml
index 7dcbb099b..c6f902336 100644
--- a/charts/sn-platform-slim/templates/function-worker/function-worker-role-binding.yaml
+++ b/charts/sn-platform-slim/templates/function-worker/function-worker-role-binding.yaml
@@ -50,7 +50,11 @@ rules:
 {{- if .Values.broker.functionmesh.enabled}}
 - apiGroups: ["compute.functionmesh.io"]
   resources:
-    - '*'
+    - backendconfigs
+    - functionmeshes
+    - functions
+    - sources
+    - sinks
   verbs:
     - list
     - watch
diff --git a/charts/sn-platform-slim/templates/toolset/jwt-secret-init-job-service-account.yaml b/charts/sn-platform-slim/templates/toolset/jwt-secret-init-job-service-account.yaml
index 4a6fbd56c..79ae73863 100644
--- a/charts/sn-platform-slim/templates/toolset/jwt-secret-init-job-service-account.yaml
+++ b/charts/sn-platform-slim/templates/toolset/jwt-secret-init-job-service-account.yaml
@@ -20,7 +20,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["*"]
+    verbs: ["list","watch" ,"get" ,"update" ,"create" ,"delete" ,"patch"]
 ---
 
 kind: RoleBinding
diff --git a/charts/sn-platform/templates/function-worker/function-worker-role-binding.yaml b/charts/sn-platform/templates/function-worker/function-worker-role-binding.yaml
index 7dcbb099b..c6f902336 100644
--- a/charts/sn-platform/templates/function-worker/function-worker-role-binding.yaml
+++ b/charts/sn-platform/templates/function-worker/function-worker-role-binding.yaml
@@ -50,7 +50,11 @@ rules:
 {{- if .Values.broker.functionmesh.enabled}}
 - apiGroups: ["compute.functionmesh.io"]
   resources:
-    - '*'
+    - backendconfigs
+    - functionmeshes
+    - functions
+    - sources
+    - sinks
   verbs:
     - list
     - watch
diff --git a/charts/sn-platform/templates/toolset/jwt-secret-init-job-service-account.yaml b/charts/sn-platform/templates/toolset/jwt-secret-init-job-service-account.yaml
index 4a6fbd56c..79ae73863 100644
--- a/charts/sn-platform/templates/toolset/jwt-secret-init-job-service-account.yaml
+++ b/charts/sn-platform/templates/toolset/jwt-secret-init-job-service-account.yaml
@@ -20,7 +20,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["*"]
+    verbs: ["list","watch" ,"get" ,"update" ,"create" ,"delete" ,"patch"]
 ---
 
 kind: RoleBinding