[COMMON] Add missing .helmignore files and "components/" entries

[oom.git] / kubernetes / platform / components / cmpv2-cert-provider / templates / roles.yaml

{{ if .Values.global.CMPv2CertManagerIntegration }}

# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cmpv2-issuer-leader-election-role
  namespace: {{ include "common.namespace" . }}
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - configmaps/status
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmpv2-issuer-manager-role
rules:
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - cert-manager.io
    resources:
      - certificaterequests
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - cert-manager.io
    resources:
      - certificaterequests/status
    verbs:
      - get
      - patch
      - update
  - apiGroups:
      - certmanager.onap.org
    resources:
      - cmpv2issuers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - certmanager.onap.org
    resources:
      - cmpv2issuers/status
    verbs:
      - get
      - patch
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmpv2-issuer-proxy-role
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cmpv2-issuer-leader-election-rolebinding
  namespace: {{ include "common.namespace" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cmpv2-issuer-leader-election-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ include "common.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cmpv2-issuer-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmpv2-issuer-manager-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ include "common.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cmpv2-issuer-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmpv2-issuer-proxy-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ include "common.namespace" . }}
{{ end }}