+{{- if hasKey $dot.Values.new_roles_definitions $role_type }}
+{{ include "common.tplValue" ( dict "value" (index $dot.Values.new_roles_definitions $role_type ) "context" $dot) }}
+{{- else}}
+# if no rules are provided, you're back to 'nothing' role
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - selfsubjectaccessreviews
+ - selfsubjectrulesreviews
+ verbs:
+ - create
+{{- end }}
+{{- else if or ($dot.Values.global.createDefaultRoles) ($dot.Values.createDefaultRoles) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
+ namespace: {{ include "common.namespace" $dot }}
+rules:
+{{- if eq $role_type "read" }}