catalog: add cluster service broker admin role

closes #17158

Author: Jeff Peeler

pkg/oc/bootstrap/docker/openshift/rbac.go

@@ -7,6 +7,11 @@ import (
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 )
 
+// Roles
+const (
+	ClusterServiceBrokerAdminRoleName = "system:openshift:clusterservicebroker-client"
+)
+
 // GetServiceCatalogRBACDelta returns a cluster role with the required rules to bootstrap service catalog
 func GetServiceCatalogRBACDelta() []rbac.ClusterRole {
 	return []rbac.ClusterRole{
@@ -36,5 +41,13 @@ func GetServiceCatalogRBACDelta() []rbac.ClusterRole {
 				rbac.NewRule("get", "list", "watch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings").RuleOrDie(),
 			},
 		},
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Name: ClusterServiceBrokerAdminRoleName,
+			},
+			Rules: []rbac.PolicyRule{
+				rbac.NewRule("create", "update", "delete", "get", "list", "watch", "patch").Groups("servicecatalog.k8s.io").Resources("clusterservicebrokers").RuleOrDie(),
+			},
+		},
 	}
 }