From 55e9e83916217a23bfca3b6a87a0b458acc0291c Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 20 Dec 2023 12:24:21 +0100
Subject: [PATCH] OZG-4453 add rbac for elasticsearch admin secret, cleanup

---
 ...earch_operator_admin_secret_view_role.yaml | 38 +++++++++++
 ...perator_admin_secret_view_rolebinding.yaml | 37 ++++++++++
 ...oud_elasticsearch_operator_edit_role.yaml} |  8 +--
 ...sticsearch_operator_edit_rolebinding.yaml} |  0
 ...lasticsearch_operator_serviceaccount.yaml} |  0
 ...oud_elasticsearch_operator_view_role.yaml} |  8 +--
 ...sticsearch_operator_view_rolebinding.yaml} |  0
 .../src/main/helm/values.yaml                 |  3 +
 .../helm/deployment_pull_secret_test.yaml     |  2 +-
 ..._operator_admin_secret_view_role_test.yaml | 68 +++++++++++++++++++
 ...or_admin_secret_view_rolebinding_test.yaml | 64 +++++++++++++++++
 ...lasticsearch_operator_edit_role_test.yaml} | 20 ++----
 ...earch_operator_edit_rolebinding_test.yaml} |  2 +-
 ...csearch_operator_serviceaccount_test.yaml} |  4 +-
 ...lasticsearch_operator_view_role_test.yaml} | 20 ++----
 ...earch_operator_view_rolebinding_test.yaml} |  2 +-
 ...l => keycloak_admin_secret_read_test.yaml} |  0
 17 files changed, 233 insertions(+), 43 deletions(-)
 create mode 100644 ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
 create mode 100644 ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
 rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_edit_role.yaml => ozgcloud_elasticsearch_operator_edit_role.yaml} (62%)
 rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_edit_rolebinding.yaml => ozgcloud_elasticsearch_operator_edit_rolebinding.yaml} (100%)
 rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{serviceaccount.yaml => ozgcloud_elasticsearch_operator_serviceaccount.yaml} (100%)
 rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_view_role.yaml => ozgcloud_elasticsearch_operator_view_role.yaml} (60%)
 rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_view_rolebinding.yaml => ozgcloud_elasticsearch_operator_view_rolebinding.yaml} (100%)
 create mode 100644 ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
 create mode 100644 ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml
 rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_edit_role_test.yaml => ozgcloud_elasticsearch_operator_edit_role_test.yaml} (76%)
 rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_edit_rolebinding_test.yaml => ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml} (92%)
 rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{serviceaccount_test.yaml => ozgcloud_elasticsearch_operator_serviceaccount_test.yaml} (90%)
 rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_view_role_test.yaml => ozgcloud_elasticsearch_operator_view_role_test.yaml} (75%)
 rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_view_rolebinding_test.yaml => ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml} (92%)
 rename ozgcloud-keycloak-operator/src/test/helm/rbacs/{keycloak_admin_secret_read.yaml => keycloak_admin_secret_read_test.yaml} (100%)

diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
new file mode 100644
index 0000000..f5bfed6
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
@@ -0,0 +1,38 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ozgcloud-elasticsearch-operator-admin-secret-view-role
+  namespace: {{ required "elasticsearch.namespace must be set" (.Values.elasticsearch).namespace }}
+rules:
+  - apiGroups:
+      - ""
+    resourceNames:
+      - {{ required "elasticsearch.adminSecretName must be set" (.Values.elasticsearch).adminSecretName }}
+    resources:
+      - secrets
+    verbs:
+      - get
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
new file mode 100644
index 0000000..f17704d
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
@@ -0,0 +1,37 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ozgcloud-elasticsearch-operator-admin-secret-view-role-binding
+  namespace: {{ required "elasticsearch.namespace must be set" (.Values.elasticsearch).namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: ozgcloud-elasticsearch-operator-serviceaccount
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: ozgcloud-elasticsearch-operator-admin-secret-view-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
similarity index 62%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
index 10db7d0..c481864 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
@@ -3,11 +3,9 @@ kind: ClusterRole
 metadata:
   name: ozgcloud-elasticsearch-operator-edit-role
   labels:
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/instance: elasticsearch-edit-role
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: ozgcloud-operator
-    app.kubernetes.io/part-of: ozgcloud-operator
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: ozgcloud-elasticsearch-operator
 rules:
 - apiGroups:
   - api.ozgcloud-stack.de
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding.yaml
similarity index 100%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_serviceaccount.yaml
similarity index 100%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_serviceaccount.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
similarity index 60%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
index be09c64..e0f3734 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
@@ -3,11 +3,9 @@ kind: ClusterRole
 metadata:
   name: ozgcloud-elasticsearch-operator-view-role
   labels:
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/instance: elasticsearch-view-role
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: ozgcloud-operator
-    app.kubernetes.io/part-of: ozgcloud-operator
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: ozgcloud-elasticsearch-operator
 rules:
 - apiGroups:
   - api.ozgcloud-stack.de
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_rolebinding.yaml
similarity index 100%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_rolebinding.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
index f35d5cb..d041f12 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
@@ -2,3 +2,6 @@
 image:
   repo: docker.ozg-sh.de
 
+elasticsearch:
+    namespace: elastic-system
+    adminSecretName: ozg-search-cluster-es-elastic-user
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml
index 86f4bbc..983d275 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml
@@ -24,7 +24,7 @@
 
 suite: deployment pull secret
 release:
-  name: ozgcloud-keycloak-operator
+  name: ozgcloud-elasticsearch-operator
   namespace: sh-helm-test
 templates:
   - deployment.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
new file mode 100644
index 0000000..ced2580
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
@@ -0,0 +1,68 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: Elasticsearch admin secret view role test
+release:
+  name: ozgcloud-elasticsearch-operator
+  namespace: test-namespace
+templates:
+  - templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
+tests:
+  - it: should have apiVersion
+    asserts: 
+      - equal:
+          path: apiVersion
+          value: rbac.authorization.k8s.io/v1
+  - it: should have isKind of
+    asserts:
+      - isKind:
+          of: Role
+
+  - it: should have metadata name
+    asserts:
+      - equal:
+          path: metadata.name
+          value: ozgcloud-elasticsearch-operator-admin-secret-view-role
+  - it: should have metadata namespace
+    asserts:
+      - equal:
+          path: metadata.namespace
+          value: elastic-system
+  
+
+  - it: should have rules for ozgcloudelasticsearches resource
+    asserts:
+      - equal:
+          path: rules
+          value:
+            - apiGroups:
+                - ""
+              resourceNames:
+                - ozg-search-cluster-es-elastic-user
+              resources:
+                - secrets
+              verbs:
+                - get
+      
+      
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml
new file mode 100644
index 0000000..9cde6cc
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: Elasticsearch admin secret view rolebinding test
+release:
+  name: ozgcloud-elasticsearch-operator
+  namespace: sh-helm-test
+templates:
+  - templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
+tests:
+  - it: should have apiVersion
+    asserts: 
+      - equal:
+          path: apiVersion
+          value: rbac.authorization.k8s.io/v1
+  - it: should have isKind of
+    asserts:
+      - isKind:
+          of: RoleBinding
+
+  - it: should have metadata name
+    asserts:
+      - equal:
+          path: metadata.name
+          value: ozgcloud-elasticsearch-operator-admin-secret-view-role-binding
+
+  - it: should have subjects
+    asserts:
+      - equal:
+          path: subjects
+          value:
+            - kind: ServiceAccount
+              name: ozgcloud-elasticsearch-operator-serviceaccount
+              namespace: sh-helm-test
+
+  - it: should have roleRef
+    asserts:
+      - equal:
+          path: roleRef
+          value:
+            kind: Role
+            name: ozgcloud-elasticsearch-operator-admin-secret-view-role
+            apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_role_test.yaml
similarity index 76%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_role_test.yaml
index f1f673e..45c38cb 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_role_test.yaml
@@ -1,6 +1,8 @@
 suite: elasticsearch_edit_role test
+release:
+  name: release-name
 templates:
-  - templates/rbac/elasticsearch_edit_role.yaml
+  - templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
 tests:
   - it: should have apiVersion
     asserts: 
@@ -21,27 +23,17 @@ tests:
     asserts: 
       - equal:
           path: metadata.labels.[app.kubernetes.io/name]
-          value: clusterrole
+          value: release-name
   - it: should have metadata labels instance
     asserts: 
       - equal:
           path: metadata.labels.[app.kubernetes.io/instance]
-          value: elasticsearch-edit-role
+          value: release-name
   - it: should have metadata labels component
     asserts: 
       - equal:
           path: metadata.labels.[app.kubernetes.io/component]
-          value: rbac
-  - it: should have metadata labels created-by
-    asserts: 
-      - equal:
-          path: metadata.labels.[app.kubernetes.io/created-by]
-          value: ozgcloud-operator
-  - it: should have metadata labels part-of
-    asserts: 
-      - equal:
-          path: metadata.labels.[app.kubernetes.io/part-of]
-          value: ozgcloud-operator
+          value: ozgcloud-elasticsearch-operator
 
   - it: should have rules for ozgcloudelasticsearches resource
     asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml
similarity index 92%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml
index 3f81f9c..25e7418 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml
@@ -4,7 +4,7 @@ suite: elasticsearch_view_rolebinding test
 release:
   namespace: sh-helm-test
 templates:
-  - templates/rbac/elasticsearch_view_rolebinding.yaml
+  - templates/rbac/ozgcloud_elasticsearch_operator_view_rolebinding.yaml
 tests:
   - it: should have apiVersion
     asserts: 
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_serviceaccount_test.yaml
similarity index 90%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_serviceaccount_test.yaml
index ee12d82..c2a93ca 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_serviceaccount_test.yaml
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
 # Ministerpräsidenten des Landes Schleswig-Holstein
 # Staatskanzlei
 # Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
@@ -27,7 +27,7 @@ release:
   name: ozgcloud-elasticsearch-operator
   namespace: test-namespace
 templates:
-  - templates/rbac/serviceaccount.yaml
+  - templates/rbac/ozgcloud_elasticsearch_operator_serviceaccount.yaml
 tests:
   - it: test metadata
     asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_role_test.yaml
similarity index 75%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_role_test.yaml
index b82cdab..62daf73 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_role_test.yaml
@@ -1,6 +1,8 @@
 suite: elasticsearch_view_role test
+release:
+  name: release-name
 templates:
-  - templates/rbac/elasticsearch_view_role.yaml
+  - templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
 tests:
   - it: should have apiVersion
     asserts: 
@@ -21,27 +23,17 @@ tests:
     asserts: 
       - equal:
           path: metadata.labels.[app.kubernetes.io/name]
-          value: clusterrole
+          value: release-name
   - it: should have metadata labels instance
     asserts: 
       - equal:
           path: metadata.labels.[app.kubernetes.io/instance]
-          value: elasticsearch-view-role
+          value: release-name
   - it: should have metadata labels component
     asserts: 
       - equal:
           path: metadata.labels.[app.kubernetes.io/component]
-          value: rbac
-  - it: should have metadata labels created-by
-    asserts: 
-      - equal:
-          path: metadata.labels.[app.kubernetes.io/created-by]
-          value: ozgcloud-operator
-  - it: should have metadata labels part-of
-    asserts: 
-      - equal:
-          path: metadata.labels.[app.kubernetes.io/part-of]
-          value: ozgcloud-operator
+          value: ozgcloud-elasticsearch-operator
 
   - it: should have rules for ozgcloudelasticsearches resource
     asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml
similarity index 92%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml
index cb9d61a..e5191b1 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml
@@ -4,7 +4,7 @@ suite: elasticsearch_edit_rolebinding test
 release:
   namespace: sh-helm-test
 templates:
-  - templates/rbac/elasticsearch_edit_rolebinding.yaml
+  - templates/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding.yaml
 tests:
   - it: should have apiVersion
     asserts: 
diff --git a/ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read.yaml b/ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read_test.yaml
similarity index 100%
rename from ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read.yaml
rename to ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read_test.yaml
-- 
GitLab