diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
index 8c47d52dec2b59033df18db810b85995218b8f8d..10db7d05c3016d0398e905072721136776d3b692 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
@@ -1,14 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: elasticsearch-edit-role
+ name: ozgcloud-elasticsearch-operator-edit-role
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: elasticsearch-edit-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ozgcloud-operator
app.kubernetes.io/part-of: ozgcloud-operator
- app.kubernetes.io/managed-by: kustomize
rules:
- apiGroups:
- api.ozgcloud-stack.de
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..856aa637f4164e537213ebe1415dbee0e1137e61
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml
@@ -0,0 +1,13 @@
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozgcloud-elasticsearch-operator-edit-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: ozgcloud-elasticsearch-operator-edit-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
index 04d9878be43ddea92c921d1fc22350327f5bf7b0..be09c644f74078b7ca686c9a5d82e4d10f769b32 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
@@ -1,14 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: elasticsearch-view-role
+ name: ozgcloud-elasticsearch-operator-view-role
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: elasticsearch-view-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ozgcloud-operator
app.kubernetes.io/part-of: ozgcloud-operator
- app.kubernetes.io/managed-by: kustomize
rules:
- apiGroups:
- api.ozgcloud-stack.de
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..150d7509b3921c1e5815e3a83e9eaf44d4f2258f
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml
@@ -0,0 +1,13 @@
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozgcloud-elasticsearch-operator-view-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: ozgcloud-elasticsearch-operator-view-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a1441499d95af95ada1da6ab84ec0e3584abc095
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml
@@ -0,0 +1,28 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
index 6b3bcc3f9bbc22b59f2a5ba6df62f3aa672e373a..f1f673ec577f68d236b0bfec4315c7519f0bd9fd 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
@@ -16,7 +16,7 @@ tests:
asserts:
- equal:
path: metadata.name
- value: elasticsearch-edit-role
+ value: ozgcloud-elasticsearch-operator-edit-role
- it: should have metadata labels name
asserts:
- equal:
@@ -42,11 +42,6 @@ tests:
- equal:
path: metadata.labels.[app.kubernetes.io/part-of]
value: ozgcloud-operator
- - it: should have metadata labels managed-by
- asserts:
- - equal:
- path: metadata.labels.[app.kubernetes.io/managed-by]
- value: kustomize
- it: should have rules for ozgcloudelasticsearches resource
asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3f81f9c268a21fdfffaac19677fd1512036aa597
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml
@@ -0,0 +1,41 @@
+
+
+suite: elasticsearch_view_rolebinding test
+release:
+ namespace: sh-helm-test
+templates:
+ - templates/rbac/elasticsearch_view_rolebinding.yaml
+tests:
+ - it: should have apiVersion
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
+ - it: should have isKind of
+ asserts:
+ - isKind:
+ of: ClusterRoleBinding
+
+ - it: should have metadata name
+ asserts:
+ - equal:
+ path: metadata.name
+ value: ozgcloud-elasticsearch-operator-view-role-binding
+
+ - it: should have subjects
+ asserts:
+ - equal:
+ path: subjects
+ value:
+ - kind: ServiceAccount
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: sh-helm-test
+
+ - it: should have roleRef
+ asserts:
+ - equal:
+ path: roleRef
+ value:
+ kind: ClusterRole
+ name: ozgcloud-elasticsearch-operator-view-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
index d5848807e80aa0a49c677e1e86f59f9725e81578..b82cdab92573a5c6115e5b9665b9e3c71de91df9 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
@@ -16,7 +16,7 @@ tests:
asserts:
- equal:
path: metadata.name
- value: elasticsearch-view-role
+ value: ozgcloud-elasticsearch-operator-view-role
- it: should have metadata labels name
asserts:
- equal:
@@ -42,11 +42,6 @@ tests:
- equal:
path: metadata.labels.[app.kubernetes.io/part-of]
value: ozgcloud-operator
- - it: should have metadata labels managed-by
- asserts:
- - equal:
- path: metadata.labels.[app.kubernetes.io/managed-by]
- value: kustomize
- it: should have rules for ozgcloudelasticsearches resource
asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cb9d61a6efaac144cab34a48bd9e369704153712
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml
@@ -0,0 +1,41 @@
+
+
+suite: elasticsearch_edit_rolebinding test
+release:
+ namespace: sh-helm-test
+templates:
+ - templates/rbac/elasticsearch_edit_rolebinding.yaml
+tests:
+ - it: should have apiVersion
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
+ - it: should have isKind of
+ asserts:
+ - isKind:
+ of: ClusterRoleBinding
+
+ - it: should have metadata name
+ asserts:
+ - equal:
+ path: metadata.name
+ value: ozgcloud-elasticsearch-operator-edit-role-binding
+
+ - it: should have subjects
+ asserts:
+ - equal:
+ path: subjects
+ value:
+ - kind: ServiceAccount
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: sh-helm-test
+
+ - it: should have roleRef
+ asserts:
+ - equal:
+ path: roleRef
+ value:
+ kind: ClusterRole
+ name: ozgcloud-elasticsearch-operator-edit-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ee12d824493ca3cbda9fb1f9c16c7247a34f591c
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml
@@ -0,0 +1,41 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: ServiceAccount test
+release:
+ name: ozgcloud-elasticsearch-operator
+ namespace: test-namespace
+templates:
+ - templates/rbac/serviceaccount.yaml
+tests:
+ - it: test metadata
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: ozgcloud-elasticsearch-operator-serviceaccount
+ - equal:
+ path: metadata.namespace
+ value: test-namespace
\ No newline at end of file