Blame - kubernetes/common/serviceAccount/templates/role.yaml - onap/oom

blob: 6d121649383d011cd282ac124731e064790f573e [file] [log] [blame]

Sylvain Desbureaux	4534881	2020-05-19 17:46:54 +0200	[diff] [blame]	1	{{/*
				2	# Copyright © 2020 Orange
				3	#
				4	# Licensed under the Apache License, Version 2.0 (the "License");
				5	# you may not use this file except in compliance with the License.
				6	# You may obtain a copy of the License at
				7	#
				8	# http://www.apache.org/licenses/LICENSE-2.0
				9	#
				10	# Unless required by applicable law or agreed to in writing, software
				11	# distributed under the License is distributed on an "AS IS" BASIS,
				12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	# See the License for the specific language governing permissions and
				14	# limitations under the License.
				15	*/}}
				16
				17	{{- $dot := . -}}
				18	{{- range $role_type := $dot.Values.roles }}
				19	---
				20	apiVersion: rbac.authorization.k8s.io/v1
				21	kind: Role
				22	metadata:
				23	name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
				24	namespace: {{ include "common.namespace" $dot }}
				25	rules:
				26	{{- if eq $role_type "read" }}
				27	- apiGroups:
				28	- "" # "" indicates the core API group
				29	- apps
				30	- batch
Sylvain Desbureaux	4087a68	2020-07-06 13:55:41 +0200	[diff] [blame]	31	- extensions
Sylvain Desbureaux	4534881	2020-05-19 17:46:54 +0200	[diff] [blame]	32	resources:
				33	- pods
				34	- deployments
				35	- jobs
				36	- jobs/status
				37	- statefulsets
				38	- replicasets
Sylvain Desbureaux	4087a68	2020-07-06 13:55:41 +0200	[diff] [blame]	39	- replicasets/status
Sylvain Desbureaux	4534881	2020-05-19 17:46:54 +0200	[diff] [blame]	40	- daemonsets
				41	verbs:
				42	- get
				43	- watch
				44	- list
				45	{{- else }}
				46	{{- if eq $role_type "create" }}
				47	- apiGroups:
				48	- "" # "" indicates the core API group
				49	- apps
				50	- batch
Sylvain Desbureaux	4087a68	2020-07-06 13:55:41 +0200	[diff] [blame]	51	- extensions
Sylvain Desbureaux	4534881	2020-05-19 17:46:54 +0200	[diff] [blame]	52	resources:
				53	- pods
				54	- deployments
				55	- jobs
				56	- jobs/status
				57	- statefulsets
				58	- replicasets
Sylvain Desbureaux	4087a68	2020-07-06 13:55:41 +0200	[diff] [blame]	59	- replicasets/status
Sylvain Desbureaux	4534881	2020-05-19 17:46:54 +0200	[diff] [blame]	60	- daemonsets
				61	- secrets
				62	verbs:
				63	- get
				64	- watch
				65	- list
				66	- apiGroups:
				67	- "" # "" indicates the core API group
				68	- apps
				69	resources:
				70	- statefulsets
				71	verbs:
				72	- patch
				73	- apiGroups:
				74	- "" # "" indicates the core API group
				75	- apps
				76	resources:
				77	- deployments
				78	- secrets
				79	verbs:
				80	- create
				81	- apiGroups:
				82	- "" # "" indicates the core API group
				83	- apps
				84	resources:
				85	- pods
				86	- persistentvolumeclaims
				87	- secrets
				88	- deployment
				89	verbs:
				90	- delete
				91	- apiGroups:
				92	- "" # "" indicates the core API group
				93	- apps
				94	resources:
				95	- pods/exec
				96	verbs:
				97	- create
				98	{{- else }}
				99	{{- if hasKey $dot.Values.new_roles_definitions $role_type }}
				100	{{ include "common.tplValue" ( dict "value" (index $dot.Values.new_roles_definitions $role_type ) "context" $dot) }}
				101	{{- else}}
				102	# if you don't match read or create, then you're not allowed to use API
				103	- apiGroups: []
				104	resources: []
				105	verbs: []
				106	{{- end }}
				107	{{- end }}
				108	{{- end }}
				109	{{- end }}