diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_write_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
similarity index 88%
rename from elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_write_role.yaml
rename to elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
index d1148701b80f10960615151ec2dd1c7a23aaf07c..93bc717cc3b3982e9d59cfaafd1e0f9ef7c3592d 100644
--- a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_write_role.yaml
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
@@ -26,7 +26,7 @@
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozgcloud-elster-transfer-operator-configmap-read-write-role-binding
+  name: ozgcloud-elster-transfer-operator-configmap-read-role-binding
   namespace: {{ include "app.namespace" . }}
 subjects:
   - kind: ServiceAccount
@@ -34,13 +34,13 @@ subjects:
     namespace: {{ required "elsterTransferOperator.namespace must be set" (.Values.elsterTransferOperator).namespace }}
 roleRef:
   kind: Role
-  name: ozgcloud-elster-transfer-operator-configmap-read-write-role
+  name: ozgcloud-elster-transfer-operator-configmap-read-role
   apiGroup: rbac.authorization.k8s.io
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozgcloud-elster-transfer-operator-configmap-read-write-role
+  name: ozgcloud-elster-transfer-operator-configmap-read-role
   namespace: {{ include "app.namespace" . }}
 rules:
   - apiGroups: [""]
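Review bot: The Role renamed to `ozgcloud-elster-transfer-operator-configmap-read-role` keeps its rules unchanged, and the `resources`/`verbs` lines sit below this hunk, so the diff does not show that the role is actually read-only. If the former read-write role carried `create`, `update` or `patch`, the new name would understate what the binding grants. It is worth confirming the verbs are limited to read verbs, or trimming them in this commit as is done for the deployment role. The Role's rule list continues outside the hunk.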
diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..53cef23f9f1e6b2f98b75b1131a7a2a1bcb7a529
--- /dev/null
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
@@ -0,0 +1,48 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ozgcloud-elster-transfer-operator-configmap-write-role-binding
+  namespace: {{ include "app.namespace" . }}
+subjects:
+  - kind: ServiceAccount
+    name: ozgcloud-elster-transfer-operator-service-account
+    namespace: {{ required "elsterTransferOperator.namespace must be set" (.Values.elsterTransferOperator).namespace }}
+roleRef:
+  kind: Role
+  name: ozgcloud-elster-transfer-operator-configmap-write-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ozgcloud-elster-transfer-operator-configmap-write-role
+  namespace: {{ include "app.namespace" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "get", "list", "update", "patch"]
\ No newline at end of file
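Review bot: The rule in `ozgcloud-elster-transfer-operator-configmap-write-role` has no `resourceNames`, so the operator's service account can create, read and modify every ConfigMap in the release namespace, whereas the deployment roles are pinned to `elster-transfer`. `create` cannot be restricted by name, but `update` and `patch` can move into a second rule scoped to the ConfigMap(s) the operator manages. The role also repeats `get` and `list`, unlike the deployment write role, where this commit drops them in favour of the read role. The ConfigMap name below is a placeholder, since the diff does not show it.

```yaml
rules:
  # create cannot be limited by resourceNames, so it stays unscoped
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
  # placeholder name: replace with the ConfigMap the operator manages
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["<CONFIGMAP_NAME>"]
    verbs: ["update", "patch"]
  # get/list left to the configmap-read-role, if its rules (outside this diff) grant them
```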
diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..aaca8ab3fbc0fbe140ec00b0a8e0d080d63e1458
--- /dev/null
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
@@ -0,0 +1,49 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ozgcloud-elster-transfer-operator-deployment-read-role-binding
+  namespace: {{ include "app.namespace" . }}
+subjects:
+  - kind: ServiceAccount
+    name: ozgcloud-elster-transfer-operator-service-account
+    namespace: {{ required "elsterTransferOperator.namespace must be set" (.Values.elsterTransferOperator).namespace }}
+roleRef:
+  kind: Role
+  name: ozgcloud-elster-transfer-operator-deployment-read-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ozgcloud-elster-transfer-operator-deployment-read-role
+  namespace: {{ include "app.namespace" . }}
+rules:
+  - apiGroups: ["apps"]
+    resourceNames: ["elster-transfer"]
+    resources: ["deployments"]
+    verbs: ["get", "list"]
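Review bot: The `list` verb in the Role rule is combined with `resourceNames: ["elster-transfer"]`, and Kubernetes only authorizes a name-restricted `list` when the request carries a matching `metadata.name` field selector. A plain list of Deployments in the namespace would be denied. If the operator only fetches that one Deployment, `verbs: ["get"]` states the grant more precisely. If it lists or watches through an informer, confirm the client sets the selector (and whether `watch` is needed).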
diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_patch_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
similarity index 86%
rename from elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_patch_role.yaml
rename to elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
index cdf0948c3204415d9e0180311d7fb039730b70d8..4552a3bbdd0f28329e2520300052292e211074cb 100644
--- a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_patch_role.yaml
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
@@ -25,7 +25,7 @@
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozgcloud-elster-transfer-operator-deployment-patch-role-binding
+  name: ozgcloud-elster-transfer-operator-deployment-write-role-binding
   namespace: {{ include "app.namespace" . }}
 subjects:
   - kind: ServiceAccount
@@ -33,17 +33,17 @@ subjects:
     namespace: {{ required "elsterTransferOperator.namespace must be set" (.Values.elsterTransferOperator).namespace }}
 roleRef:
   kind: Role
-  name: ozgcloud-elster-transfer-operator-deployment-patch-role
+  name: ozgcloud-elster-transfer-operator-deployment-write-role
   apiGroup: rbac.authorization.k8s.io
 
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozgcloud-elster-transfer-operator-deployment-patch-role
+  name: ozgcloud-elster-transfer-operator-deployment-write-role
   namespace: {{ include "app.namespace" . }}
 rules:
   - apiGroups: ["apps"]
     resourceNames: ["elster-transfer"]
     resources: ["deployments"]
-    verbs: ["get", "list", "update", "patch"]
+    verbs: ["update", "patch"]
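Review bot: The Role now grants only `update` and `patch`, so any caller that reads the Deployment first depends on the separate deployment read-role binding being installed, and nothing in this template records that. A comment above `rules:` such as `# get/list are granted by ozgcloud-elster-transfer-operator-deployment-read-role` would document the dependency. Both bindings appear to target the same ServiceAccount (the subject name is outside this hunk), so the split reorganises the grants and does not by itself reduce what that account can do.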
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_write_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml
similarity index 95%
rename from elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_write_role_test.yaml
rename to elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml
index 9a580a6f989257c0d2745dcb00b7f875185ccfe9..04699b63c031e5dc88546add9f055f4d6b9bf9c3 100644
--- a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_write_role_test.yaml
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml
@@ -30,7 +30,7 @@ set:
   elsterTransferOperator:
     namespace: etr-operator
 templates:
-  - templates/ozgcloud_elstertransfer_operator_configmap_read_write_role.yaml
+  - templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
 tests:
   - it: test RoleBinding metadata
     asserts:
@@ -41,7 +41,7 @@ tests:
           of: rbac.authorization.k8s.io/v1
       - equal:
           path: metadata.name
-          value: ozgcloud-elster-transfer-operator-configmap-read-write-role-binding
+          value: ozgcloud-elster-transfer-operator-configmap-read-role-binding
         documentIndex: 0
   - it: test RoleBinding subject
     asserts:
@@ -58,7 +58,7 @@ tests:
           path: roleRef
           value:
             kind: Role
-            name: ozgcloud-elster-transfer-operator-configmap-read-write-role
+            name: ozgcloud-elster-transfer-operator-configmap-read-role
             apiGroup: rbac.authorization.k8s.io
         documentIndex: 0
 
@@ -71,7 +71,7 @@ tests:
           of: rbac.authorization.k8s.io/v1
       - equal:
           path: metadata.name
-          value: ozgcloud-elster-transfer-operator-configmap-read-write-role
+          value: ozgcloud-elster-transfer-operator-configmap-read-role
         documentIndex: 1
   - it: test RoleBinding rules
     asserts:
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3a70cc3b484de6418b2205b0a348c39a33f1bab7
--- /dev/null
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml
@@ -0,0 +1,91 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: ElsterTransfer read rbac test
+release:
+  name: elstertransfer
+  namespace: test-namespace
+set: 
+  elsterTransferOperator:
+    namespace: etr-operator
+templates:
+  - templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
+tests:
+  - it: test RoleBinding metadata
+    asserts:
+      - isKind:
+          of: RoleBinding
+        documentIndex: 0
+      - isAPIVersion:
+          of: rbac.authorization.k8s.io/v1
+      - equal:
+          path: metadata.name
+          value: ozgcloud-elster-transfer-operator-configmap-write-role-binding
+        documentIndex: 0
+  - it: test RoleBinding subject
+    asserts:
+      - contains:
+          path: subjects
+          content:
+            kind: ServiceAccount
+            name: ozgcloud-elster-transfer-operator-service-account
+            namespace: etr-operator
+        documentIndex: 0
+  - it: test RoleBinding roleRef
+    asserts:
+      - equal:
+          path: roleRef
+          value:
+            kind: Role
+            name: ozgcloud-elster-transfer-operator-configmap-write-role
+            apiGroup: rbac.authorization.k8s.io
+        documentIndex: 0
+
+  - it: test Role metadata
+    asserts:
+      - isKind:
+          of: Role
+        documentIndex: 1
+      - isAPIVersion:
+          of: rbac.authorization.k8s.io/v1
+      - equal:
+          path: metadata.name
+          value: ozgcloud-elster-transfer-operator-configmap-write-role
+        documentIndex: 1
+  - it: test RoleBinding rules
+    asserts:
+      - contains:
+          path: rules
+          content:
+            apiGroups:
+              - ""
+            resources:
+              - configmaps
+            verbs:
+              - create
+              - get
+              - list
+              - update
+              - patch 
+        documentIndex: 1
\ No newline at end of file
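Review bot: The `suite:` label reads `ElsterTransfer read rbac test` although the `templates` entry is the configmap write role, and the deployment read-role test added in this commit is labelled `write rbac test`; the two look swapped. The last case is titled `test RoleBinding rules` but asserts on the Role at `documentIndex: 1`. More importantly for an RBAC test, `contains` on `path: rules` only proves the expected rule is present, so an extra, broader rule added later would still pass. Asserting `equal` on the whole `rules` list, or adding a `lengthEqual` with `count: 1`, would pin the grant. The same applies to the rules assertions in the deployment read-role and write-role tests.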
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f90256f71b5b908d2e11d46d1f3927a68e33a535
--- /dev/null
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml
@@ -0,0 +1,90 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: ElsterTransfer write rbac test
+release:
+  name: elstertransfer
+  namespace: test-namespace
+set: 
+  elsterTransferOperator:
+    namespace: etr-operator
+templates:
+  - templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
+tests:
+  - it: test RoleBinding metadata
+    asserts:
+      - isKind:
+          of: RoleBinding
+        documentIndex: 0
+      - isAPIVersion:
+          of: rbac.authorization.k8s.io/v1
+      - equal:
+          path: metadata.name
+          value: ozgcloud-elster-transfer-operator-deployment-read-role-binding
+        documentIndex: 0
+  - it: test RoleBinding subject
+    asserts:
+      - contains:
+          path: subjects
+          content:
+            kind: ServiceAccount
+            name: ozgcloud-elster-transfer-operator-service-account
+            namespace: etr-operator
+        documentIndex: 0
+  - it: test RoleBinding roleRef
+    asserts:
+      - equal:
+          path: roleRef
+          value:
+            kind: Role
+            name: ozgcloud-elster-transfer-operator-deployment-read-role
+            apiGroup: rbac.authorization.k8s.io
+        documentIndex: 0
+
+  - it: test Role metadata
+    asserts:
+      - isKind:
+          of: Role
+        documentIndex: 1
+      - isAPIVersion:
+          of: rbac.authorization.k8s.io/v1
+      - equal:
+          path: metadata.name
+          value: ozgcloud-elster-transfer-operator-deployment-read-role
+        documentIndex: 1
+  - it: test RoleBinding rules
+    asserts:
+      - contains:
+          path: rules
+          content:
+              apiGroups:
+                - apps
+              resourceNames:
+                - elster-transfer
+              resources:
+                - deployments
+              verbs:
+                - get
+                - list
+        documentIndex: 1
\ No newline at end of file
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_patch_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml
similarity index 87%
rename from elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_patch_role_test.yaml
rename to elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml
index ea4c11d6ed44b115a2f1e07a0ed533aeab1ce257..5166cd393cd584a00bfff0060b5fb7e177c3f362 100644
--- a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_patch_role_test.yaml
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml
@@ -30,7 +30,7 @@ set:
   elsterTransferOperator:
     namespace: etr-operator
 templates:
-  - templates/ozgcloud_elstertransfer_operator_deployment_patch_role.yaml
+  - templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
 tests:
   - it: test RoleBinding metadata
     asserts:
@@ -41,7 +41,7 @@ tests:
           of: rbac.authorization.k8s.io/v1
       - equal:
           path: metadata.name
-          value: ozgcloud-elster-transfer-operator-deployment-patch-role-binding
+          value: ozgcloud-elster-transfer-operator-deployment-write-role-binding
         documentIndex: 0
   - it: test RoleBinding subject
     asserts:
@@ -58,7 +58,7 @@ tests:
           path: roleRef
           value:
             kind: Role
-            name: ozgcloud-elster-transfer-operator-deployment-patch-role
+            name: ozgcloud-elster-transfer-operator-deployment-write-role
             apiGroup: rbac.authorization.k8s.io
         documentIndex: 0
 
@@ -71,7 +71,7 @@ tests:
           of: rbac.authorization.k8s.io/v1
       - equal:
           path: metadata.name
-          value: ozgcloud-elster-transfer-operator-deployment-patch-role
+          value: ozgcloud-elster-transfer-operator-deployment-write-role
         documentIndex: 1
   - it: test RoleBinding rules
     asserts:
@@ -85,8 +85,6 @@ tests:
               resources:
                 - deployments
               verbs:
-                - get
-                - list
                 - update
                 - patch
         documentIndex: 1
\ No newline at end of file