From d06a764b3f0a8ce9773e49376dcf350da82eaaa8 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Wed, 27 Dec 2023 13:07:48 +0200 Subject: [PATCH] fix(common/rbac): adds resourceNames field (#1951) --- library/common-test/tests/rbac/data_test.yaml | 4 ++++ .../tests/rbac/validation_test.yaml | 19 +++++++++++++++++++ library/common/Chart.yaml | 2 +- library/common/templates/lib/rbac/_rules.tpl | 12 +++++++++++- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/library/common-test/tests/rbac/data_test.yaml b/library/common-test/tests/rbac/data_test.yaml index 644673ee03..335ee234c5 100644 --- a/library/common-test/tests/rbac/data_test.yaml +++ b/library/common-test/tests/rbac/data_test.yaml @@ -32,6 +32,8 @@ tests: - "{{ .Values.some_group }}" resources: - "{{ .Values.some_resource }}" + resourceNames: + - "{{ .Values.some_name }}" verbs: - "{{ .Values.some_verb }}" subjects: @@ -64,6 +66,8 @@ tests: - apps resources: - deployments + resourceNames: + - some-name verbs: - list - documentIndex: &roleBinding 3 diff --git a/library/common-test/tests/rbac/validation_test.yaml b/library/common-test/tests/rbac/validation_test.yaml index e9bb71a51a..ebb5e2034d 100644 --- a/library/common-test/tests/rbac/validation_test.yaml +++ b/library/common-test/tests/rbac/validation_test.yaml @@ -156,6 +156,25 @@ tests: - failedTemplate: errorMessage: RBAC - Expected non-empty entry in + - it: should fail with empty entry in resourceNames in rules in rbac + set: + rbac: + my-rbac: + enabled: true + primary: true + rules: + - apiGroups: + - "" + resources: + - pods + resourceNames: + - "" + verbs: + - get + asserts: + - failedTemplate: + errorMessage: RBAC - Expected non-empty entry in + - it: should fail with empty entry in verbs in rules in rbac set: rbac: diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml index 45674e3a5a..4a582272b5 100644 --- a/library/common/Chart.yaml +++ b/library/common/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: common description: A library chart for iX Official Catalog type: library -version: 1.2.5 +version: 1.2.6 appVersion: v1 annotations: title: Common Library Chart diff --git a/library/common/templates/lib/rbac/_rules.tpl b/library/common/templates/lib/rbac/_rules.tpl index e166fa16b8..31e2f79be3 100644 --- a/library/common/templates/lib/rbac/_rules.tpl +++ b/library/common/templates/lib/rbac/_rules.tpl @@ -36,7 +36,17 @@ objectData: The object data to be used to render the RBAC. {{- fail "RBAC - Expected non-empty entry in " -}} {{- end }} - {{ tpl . $rootCtx | quote }} - {{- end -}} + {{- end -}} + {{- /* resourceNames */}} + {{- if .resourceNames }} + resourceNames: + {{- range .resourceNames -}} + {{- if not . -}} + {{- fail "RBAC - Expected non-empty entry in " -}} + {{- end }} + - {{ tpl . $rootCtx | quote }} + {{- end -}} + {{- end -}} {{- /* verbs */}} verbs: {{- range .verbs -}}
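Review bot: The non-empty check in the new `resourceNames` range tests the raw entry (`{{- if not . -}}`) before `tpl` is applied, so an entry such as `"{{ .Values.some_name }}"` whose value is unset or empty passes the check and is rendered as `- ""`. Because `resourceNames` is the field that narrows a rule to specific objects, an empty name means the rendered Role does not scope access the way the values file describes. I would render first and validate the result: `{{- $name := tpl . $rootCtx -}}`, then `{{- if not $name -}}` around the existing `fail`, then `- {{ $name | quote }}`. The case added in validation_test.yaml covers only a literal `""`, so a templated entry that renders empty would be worth adding alongside it. The preceding range in the context lines appears to use the same check-then-`tpl` order, and the enclosing template definition starts and ends outside this hunk.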