From 680c6e067f01e0c930e36b1e6773c925a3b70b8c Mon Sep 17 00:00:00 2001
From: Donnie Adams
Date: Tue, 14 Nov 2023 12:35:20 -0500
Subject: [PATCH] Revert "Expand * verbs when doing SAR checks on images"

This reverts commit 9620eca1fbbe5ef4a8fe5a1420a3cda9b5cba4a4.
---
 pkg/roles/roles.go | 14 +++++++-------
 .../registry/apigroups/acorn/apps/validator.go | 3 ---
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/pkg/roles/roles.go b/pkg/roles/roles.go
index db147086d6..32bee00a05 100644
--- a/pkg/roles/roles.go
+++ b/pkg/roles/roles.go
@@ -30,7 +30,7 @@ var (
 },
 ClusterEdit: {
 {
- Verbs: []string{"create", "update", "delete", "deletecollection"},
+ Verbs: []string{"create", "update", "delete"},
 Resources: []string{
 "projects",
 },
@@ -91,7 +91,7 @@ var (
 },
 Edit: {
 {
- Verbs: []string{"create", "update", "delete", "deletecollection", "patch"},
+ Verbs: []string{"create", "update", "delete", "patch"},
 Resources: []string{
 "apps",
 "devsessions",
@@ -100,7 +100,7 @@ var (
 },
 },
 {
- Verbs: []string{"update", "delete", "deletecollection", "patch"},
+ Verbs: []string{"update", "delete", "patch"},
 Resources: []string{
 "images",
 },
@@ -117,7 +117,7 @@ var (
 },
 },
 {
- Verbs: []string{"delete", "deletecollection"},
+ Verbs: []string{"delete"},
 Resources: []string{
 "services",
 "volumes",
@@ -136,7 +136,7 @@ var (
 },
 Build: {
 {
- Verbs: []string{"create", "delete", "deletecollection"},
+ Verbs: []string{"create", "delete"},
 Resources: []string{
 "builders",
 "acornimagebuilds",
@@ -151,7 +151,7 @@ var (
 },
 Admin: {
 {
- Verbs: []string{"create", "update", "delete", "deletecollection", "patch", "get", "list", "watch"},
+ Verbs: []string{"create", "update", "delete", "patch", "get", "list", "watch"},
 Resources: []string{
 "projectvolumeclasses",
 "clustervolumeclasses",
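Review bot: The `Verbs` lists in the ClusterEdit hunk, and likewise in the Edit, Build and Admin hunks (including the `imageallowrules` rule in the following hunk), drop `"deletecollection"` without any comment recording whether that is a deliberate privilege boundary or only a side effect of the revert. Assuming these entries are Kubernetes RBAC policy rules, `deletecollection` is authorized separately from `delete`, so holders of these roles keep per-object delete on `projects`, `apps`, `images` and the other listed resources but lose collection deletes unless another rule grants them. If that narrowing is intended, a one-line comment above the first rule would stop a later edit from re-adding the verb by accident, e.g. `// deletecollection is deliberately not granted; only per-object delete is allowed`. The enclosing `var (` block starts and ends outside these hunks, so rules not shown here may already cover the verb.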
@@ -163,7 +163,7 @@ var (
 APIGroups: []string{admin_acorn_io.Group},
 },
 {
- Verbs: []string{"create", "update", "delete", "deletecollection", "patch"},
+ Verbs: []string{"create", "update", "delete", "patch"},
 Resources: []string{
 "imageallowrules",
 },
diff --git a/pkg/server/registry/apigroups/acorn/apps/validator.go b/pkg/server/registry/apigroups/acorn/apps/validator.go
index 0bd45d7ce8..409354e4ca 100644
--- a/pkg/server/registry/apigroups/acorn/apps/validator.go
+++ b/pkg/server/registry/apigroups/acorn/apps/validator.go
@@ -439,9 +439,6 @@ func (s *RBACValidator) getSARResourceRole(sar *authv1.SubjectAccessReview, serv
 if len(rule.Verbs) == 0 {
 return nil, fmt.Errorf("can not deploy acorn due to requesting role with empty verbs")
 }
- if slices.Contains(rule.Verbs, "*") {
- rule.Verbs = v1.DefaultVerbs
- }
 if len(rule.Resources) == 0 {
 rule.Resources = []string{"*"}
 }