2 # Copyright © 2020 Orange
3 # Modifications Copyright © 2023 Deutsche Telekom AG
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
19 {{- range $role_type := $dot.Values.roles }}
20 {{/* Default roles are already created, just creating specific ones */}}
21 {{- if not (has $role_type $dot.Values.defaultRoles) }}
23 apiVersion: rbac.authorization.k8s.io/v1
26 name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
27 namespace: {{ include "common.namespace" $dot }}
29 {{- if hasKey $dot.Values.new_roles_definitions $role_type }}
30 {{ include "common.tplValue" ( dict "value" (index $dot.Values.new_roles_definitions $role_type ) "context" $dot) }}
32 # if no rules are provided, you're back to 'nothing' role
34 - authorization.k8s.io
36 - selfsubjectaccessreviews
37 - selfsubjectrulesreviews
41 {{- else if or ($dot.Values.global.createDefaultRoles) ($dot.Values.createDefaultRoles) }}
43 apiVersion: rbac.authorization.k8s.io/v1
46 name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
47 namespace: {{ include "common.namespace" $dot }}
49 {{- if eq $role_type "read" }}
51 - "" # "" indicates the core API group
73 {{- if eq $role_type "create" }}
75 - "" # "" indicates the core API group
96 - "" # "" indicates the core API group
104 - "" # "" indicates the core API group
114 - "" # "" indicates the core API group
118 - persistentvolumeclaims
125 - "" # "" indicates the core API group
139 # if you don't match read or create, then you're not allowed to use API
140 # except to see basic information about yourself
142 - authorization.k8s.io
144 - selfsubjectaccessreviews
145 - selfsubjectrulesreviews