diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
index 93bc717cc3b3982e9d59cfaafd1e0f9ef7c3592d..d7584fe8eea2b46e5b60875f4831a485080496a3 100644
--- a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
@@ -21,7 +21,7 @@
# Die sprachspezifischen Genehmigungen und Beschränkungen
# unter der Lizenz sind dem Lizenztext zu entnehmen.
#
-
+{{- if (.Values.userAuthentication).enabled }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -36,6 +36,7 @@ roleRef:
kind: Role
name: ozgcloud-elster-transfer-operator-configmap-read-role
apiGroup: rbac.authorization.k8s.io
+
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
@@ -45,4 +46,5 @@ metadata:
rules:
- apiGroups: [""]
resources: ["configmaps"]
- verbs: ["create", "get", "list", "update", "patch"]
\ No newline at end of file
+ verbs: ["create", "get", "list", "update", "patch"]
+{{- end -}}
\ No newline at end of file
diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
index 53cef23f9f1e6b2f98b75b1131a7a2a1bcb7a529..a3382b63653e07907673b41631f95fa1bf472302 100644
--- a/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
@@ -21,7 +21,7 @@
# Die sprachspezifischen Genehmigungen und Beschränkungen
# unter der Lizenz sind dem Lizenztext zu entnehmen.
#
-
+{{- if (.Values.userAuthentication).enabled }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -36,6 +36,7 @@ roleRef:
kind: Role
name: ozgcloud-elster-transfer-operator-configmap-write-role
apiGroup: rbac.authorization.k8s.io
+
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
@@ -45,4 +46,5 @@ metadata:
rules:
- apiGroups: [""]
resources: ["configmaps"]
- verbs: ["create", "get", "list", "update", "patch"]
\ No newline at end of file
+ verbs: ["create", "get", "list", "update", "patch"]
+{{- end -}}
\ No newline at end of file
diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
index aaca8ab3fbc0fbe140ec00b0a8e0d080d63e1458..0635baedca7c5b11f4e02b1e40bc63ad7dda86a4 100644
--- a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
@@ -21,7 +21,7 @@
# Die sprachspezifischen Genehmigungen und Beschränkungen
# unter der Lizenz sind dem Lizenztext zu entnehmen.
#
-
+{{- if (.Values.userAuthentication).enabled }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -47,3 +47,5 @@ rules:
resourceNames: ["elster-transfer"]
resources: ["deployments"]
verbs: ["get", "list"]
+
+{{- end -}}
\ No newline at end of file
diff --git a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
index 4552a3bbdd0f28329e2520300052292e211074cb..6cf9b4435c73a845b88e5f344342a2d0203054d3 100644
--- a/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
+++ b/elster-transfer/templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
@@ -21,7 +21,7 @@
# Die sprachspezifischen Genehmigungen und Beschränkungen
# unter der Lizenz sind dem Lizenztext zu entnehmen.
#
-
+{{- if (.Values.userAuthentication).enabled }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -47,3 +47,4 @@ rules:
resourceNames: ["elster-transfer"]
resources: ["deployments"]
verbs: ["update", "patch"]
+{{- end -}}
\ No newline at end of file
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml
index 04699b63c031e5dc88546add9f055f4d6b9bf9c3..91521b0e330c64e7db01f2c121c7e603860f84d3 100644
--- a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_read_role_test.yaml
@@ -33,6 +33,9 @@ templates:
- templates/ozgcloud_elstertransfer_operator_configmap_read_role.yaml
tests:
- it: test RoleBinding metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: RoleBinding
@@ -44,6 +47,9 @@ tests:
value: ozgcloud-elster-transfer-operator-configmap-read-role-binding
documentIndex: 0
- it: test RoleBinding subject
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: subjects
@@ -53,6 +59,9 @@ tests:
namespace: etr-operator
documentIndex: 0
- it: test RoleBinding roleRef
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- equal:
path: roleRef
@@ -63,6 +72,9 @@ tests:
documentIndex: 0
- it: test Role metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: Role
@@ -74,6 +86,9 @@ tests:
value: ozgcloud-elster-transfer-operator-configmap-read-role
documentIndex: 1
- it: test RoleBinding rules
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: rules
@@ -88,4 +103,12 @@ tests:
- list
- update
- patch
- documentIndex: 1
\ No newline at end of file
+ documentIndex: 1
+ - it: RBAC not created by default
+ asserts:
+ - hasDocuments:
+ count: 0
+ documentIndex: 1
+ - hasDocuments:
+ count: 0
+ documentIndex: 0
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml
index 3a70cc3b484de6418b2205b0a348c39a33f1bab7..ff7904e92618af67c35f0e307b4584dd7155a941 100644
--- a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_configmap_write_role_test.yaml
@@ -33,6 +33,9 @@ templates:
- templates/ozgcloud_elstertransfer_operator_configmap_write_role.yaml
tests:
- it: test RoleBinding metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: RoleBinding
@@ -44,6 +47,9 @@ tests:
value: ozgcloud-elster-transfer-operator-configmap-write-role-binding
documentIndex: 0
- it: test RoleBinding subject
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: subjects
@@ -53,6 +59,9 @@ tests:
namespace: etr-operator
documentIndex: 0
- it: test RoleBinding roleRef
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- equal:
path: roleRef
@@ -63,6 +72,9 @@ tests:
documentIndex: 0
- it: test Role metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: Role
@@ -74,6 +86,9 @@ tests:
value: ozgcloud-elster-transfer-operator-configmap-write-role
documentIndex: 1
- it: test RoleBinding rules
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: rules
@@ -88,4 +103,12 @@ tests:
- list
- update
- patch
- documentIndex: 1
\ No newline at end of file
+ documentIndex: 1
+ - it: RBAC not created by default
+ asserts:
+ - hasDocuments:
+ count: 0
+ documentIndex: 1
+ - hasDocuments:
+ count: 0
+ documentIndex: 0
\ No newline at end of file
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml
index f90256f71b5b908d2e11d46d1f3927a68e33a535..220c78a3c02761a3a5e9de7dc3b2358e82bea21a 100644
--- a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_read_role_test.yaml
@@ -33,6 +33,9 @@ templates:
- templates/ozgcloud_elstertransfer_operator_deployment_read_role.yaml
tests:
- it: test RoleBinding metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: RoleBinding
@@ -44,6 +47,9 @@ tests:
value: ozgcloud-elster-transfer-operator-deployment-read-role-binding
documentIndex: 0
- it: test RoleBinding subject
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: subjects
@@ -53,6 +59,9 @@ tests:
namespace: etr-operator
documentIndex: 0
- it: test RoleBinding roleRef
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- equal:
path: roleRef
@@ -63,6 +72,9 @@ tests:
documentIndex: 0
- it: test Role metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: Role
@@ -74,6 +86,9 @@ tests:
value: ozgcloud-elster-transfer-operator-deployment-read-role
documentIndex: 1
- it: test RoleBinding rules
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: rules
@@ -87,4 +102,12 @@ tests:
verbs:
- get
- list
- documentIndex: 1
\ No newline at end of file
+ documentIndex: 1
+ - it: RBAC not created by default
+ asserts:
+ - hasDocuments:
+ count: 0
+ documentIndex: 1
+ - hasDocuments:
+ count: 0
+ documentIndex: 0
\ No newline at end of file
diff --git a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml
index 5166cd393cd584a00bfff0060b5fb7e177c3f362..401dc0e3914af2d7583b71fa50fcafb6ab958053 100644
--- a/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml
+++ b/elster-transfer/unit-tests/ozgcloud_elstertransfer_operator_deployment_write_role_test.yaml
@@ -33,6 +33,9 @@ templates:
- templates/ozgcloud_elstertransfer_operator_deployment_write_role.yaml
tests:
- it: test RoleBinding metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: RoleBinding
@@ -44,6 +47,9 @@ tests:
value: ozgcloud-elster-transfer-operator-deployment-write-role-binding
documentIndex: 0
- it: test RoleBinding subject
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: subjects
@@ -53,6 +59,9 @@ tests:
namespace: etr-operator
documentIndex: 0
- it: test RoleBinding roleRef
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- equal:
path: roleRef
@@ -63,6 +72,9 @@ tests:
documentIndex: 0
- it: test Role metadata
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- isKind:
of: Role
@@ -74,6 +86,9 @@ tests:
value: ozgcloud-elster-transfer-operator-deployment-write-role
documentIndex: 1
- it: test RoleBinding rules
+ set:
+ userAuthentication:
+ enabled: true
asserts:
- contains:
path: rules
@@ -87,4 +102,12 @@ tests:
verbs:
- update
- patch
- documentIndex: 1
\ No newline at end of file
+ documentIndex: 1
+ - it: RBAC not created by default
+ asserts:
+ - hasDocuments:
+ count: 0
+ documentIndex: 1
+ - hasDocuments:
+ count: 0
+ documentIndex: 0
\ No newline at end of file