truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-14 02:30:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2770cc2e7faa3f36f94dea5c2c9a54be095e1296
chart/library/common/templates/lib/rbac/_rules.tpl
Stavros Kois 929e60d801 NAS-121003 / 23.10 / Adapt charts CI and improve/fix common (#1011) 
* Adapt charts CI and improve/fix common

* add check on permissions contaienr

* add postgres template

* update comments

* Update create_app.sh

* add check

* update script

* auto gen item.yaml from Chart,yaml

* rename readme on dest

* duplicate readme from the same source

* correct comment

* reoder

* remove extra space

* keep both README and app-readme

* update regex, to also allow 2 letter names, which is also valid

* No need to check host network if there aren't any pod values

* use same pattern as the pod.name label (not prepending release-name

* update deps

* add chart dirs to ci

* Add a validation to check if there is any yaml errors after merging files

* update charts path on ci

* common/1.0.0/ -> common/

* update common-test dep path

* temp update create_app script

* make permissions container name configurable, incase we want to change order of execution

* update naming convention

* fix typo and a missed name change

* do not allow `--` in names
2023-03-16 17:36:19 +02:00

51 lines
1.5 KiB
Smarty
Raw Blame History

{{/* Returns Rules for rbac */}}
{{/* Call this template:
{{ include "ix.v1.common.lib.rbac.rules" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "ix.v1.common.lib.rbac.rules" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.rules -}}
{{- fail "RBAC - Expected non-empty <rbac.rules>" -}}
{{- end -}}
{{- range $objectData.rules -}}
{{- if not .apiGroups -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.apiGroups>" -}}
{{- end -}}
{{- if not .resources -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.resources>" -}}
{{- end -}}
{{- if not .verbs -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.verbs>" -}}
{{- end -}}
{{- /* apiGroups */}}
- apiGroups:
{{- range .apiGroups }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- /* resources */}}
resources:
{{- range .resources -}}
{{- if not . -}}
{{- fail "RBAC - Expected non-empty entry in <rbac.rules.resources>" -}}
{{- end }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- /* verbs */}}
verbs:
{{- range .verbs -}}
{{- if not . -}}
{{- fail "RBAC - Expected non-empty entry in <rbac.rules.verbs>" -}}
{{- end }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink