shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 21:18:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
75f5b60eb6a674220249e7da73158faef44db289
coder/helm/libcoder/templates/_rbac.yaml
T

92 lines
3.6 KiB
YAML
Raw Blame History

{{- define "libcoder.rbac.forNamespace" -}}
{{- $nsPerms := ternary .workspacePerms .Top.Values.coder.serviceAccount.workspacePerms (hasKey . "workspacePerms") -}}
{{- $nsDeployRaw := ternary .enableDeployments .Top.Values.coder.serviceAccount.enableDeployments (hasKey . "enableDeployments") -}}
{{- $nsExtraRaw := ternary .extraRules .Top.Values.coder.serviceAccount.extraRules (hasKey . "extraRules") -}}
{{- $nsDeploy := and $nsPerms $nsDeployRaw -}}
{{- $nsExtra := ternary $nsExtraRaw (list) $nsPerms -}}
{{- if or $nsPerms (or $nsDeploy $nsExtra) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Top.Values.coder.serviceAccount.name }}-workspace-perms
namespace: {{ .NS }}
rules:
{{- if $nsPerms }}
{{ include "libcoder.rbac.rules.basic" .Top | trimPrefix "\n" | indent 2 }}
{{- end }}
{{- if $nsDeploy }}
{{ include "libcoder.rbac.rules.deployments" .Top | trimPrefix "\n" | indent 2 }}
{{- end }}
{{- if $nsExtra }}
{{- if kindIs "slice" $nsExtra }}
{{ toYaml $nsExtra | trimPrefix "\n" | indent 2 }}
{{- else }}
{{ toYaml (list $nsExtra) | trimPrefix "\n" | indent 2 }}
{{- end }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Top.Values.coder.serviceAccount.name | quote }}
namespace: {{ .NS }}
subjects:
- kind: ServiceAccount
name: {{ .Top.Values.coder.serviceAccount.name | quote }}
{{- if ne .NS .Top.Release.Namespace }}
namespace: {{ .Top.Release.Namespace }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Top.Values.coder.serviceAccount.name }}-workspace-perms
{{- end }}
{{- end -}}
{{- define "libcoder.rbac.core" -}}
{{- $top := . -}}
{{- $rootPerms := $top.Values.coder.serviceAccount.workspacePerms | default false -}}
{{- $rootDeploy := $top.Values.coder.serviceAccount.enableDeployments | default false -}}
{{- $rootExtra := $top.Values.coder.serviceAccount.extraRules | default (list) -}}
{{- $rootParams := dict
"Top" $top
"NS" $top.Release.Namespace
"workspacePerms" $rootPerms
"enableDeployments" $rootDeploy
"extraRules" $rootExtra -}}
{{ include "libcoder.rbac.forNamespace" $rootParams }}
{{- $wsnsRaw := get $top.Values.coder.serviceAccount "workspaceNamespaces" -}}
{{- $extra := default (list) $wsnsRaw -}}
{{- range $_, $ns := $extra }}
{{- $nsName := ternary $ns.name $ns (kindIs "map" $ns) -}}
{{- if $nsName }}
{{- $params := dict "Top" $top "NS" $nsName -}}
{{- if kindIs "map" $ns }}
{{- if hasKey $ns "workspacePerms" }}{{- $_ := set $params "workspacePerms" $ns.workspacePerms }}{{- else }}{{- $_ := set $params "workspacePerms" $rootPerms }}{{- end }}
{{- if hasKey $ns "enableDeployments" }}{{- $_ := set $params "enableDeployments" $ns.enableDeployments }}{{- else }}{{- $_ := set $params "enableDeployments" $rootDeploy }}{{- end }}
{{- if hasKey $ns "extraRules" }}{{- $_ := set $params "extraRules" $ns.extraRules }}{{- else }}{{- $_ := set $params "extraRules" $rootExtra }}{{- end }}
{{- else }}
{{- $_ := set $params "workspacePerms" $rootPerms -}}
{{- $_ := set $params "enableDeployments" $rootDeploy -}}
{{- $_ := set $params "extraRules" $rootExtra -}}
{{- end }}
{{ include "libcoder.rbac.forNamespace" $params }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "libcoder.rbac.tpl" -}}
{{- if not .Values.coder.serviceAccount.disableCreate -}}
{{ include "libcoder.rbac.core" . }}
{{- end }}
{{- end -}}
{{- define "libcoder.namespace.rbac.tpl" -}}
{{ include "libcoder.rbac.core" . }}
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink