diff --git a/bitnami/rabbitmq-cluster-operator/Chart.yaml b/bitnami/rabbitmq-cluster-operator/Chart.yaml index 2a1f91bb1c..200236a539 100644 --- a/bitnami/rabbitmq-cluster-operator/Chart.yaml +++ b/bitnami/rabbitmq-cluster-operator/Chart.yaml @@ -37,4 +37,4 @@ maintainers: name: rabbitmq-cluster-operator sources: - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq-cluster-operator -version: 4.0.0 +version: 4.1.0 diff --git a/bitnami/rabbitmq-cluster-operator/templates/cluster-operator/aggregate-cluster-roles.yaml b/bitnami/rabbitmq-cluster-operator/templates/cluster-operator/aggregate-cluster-roles.yaml new file mode 100644 index 0000000000..497a2c8fd3 --- /dev/null +++ b/bitnami/rabbitmq-cluster-operator/templates/cluster-operator/aggregate-cluster-roles.yaml @@ -0,0 +1,31 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.clusterOperator.rbac.create -}} +{{- $readonlyVerbs := list "get" "list" "watch" }} +{{- $allVerbs := list "create" "delete" "deletecollection" "get" "list" "patch" "update" "watch" }} +{{- $roles := dict "view" $readonlyVerbs "edit" $allVerbs "admin" $allVerbs }} +{{- range $role, $verbs := $roles -}} +--- +apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }} +kind: ClusterRole +metadata: + name: {{ template "common.names.fullname.namespace" $ }}-{{ $role }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/part-of: rabbitmq + rbac.authorization.k8s.io/aggregate-to-{{ $role }}: "true" + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters + - rabbitmqclusters/finalizers + verbs: {{ $verbs | toYaml | nindent 6 }} +{{ end }} +{{- end }} diff --git a/bitnami/rabbitmq-cluster-operator/templates/messaging-topology-operator/aggregate-cluster-roles.yaml b/bitnami/rabbitmq-cluster-operator/templates/messaging-topology-operator/aggregate-cluster-roles.yaml new file mode 100644 index 0000000000..946809b495 --- /dev/null +++ b/bitnami/rabbitmq-cluster-operator/templates/messaging-topology-operator/aggregate-cluster-roles.yaml @@ -0,0 +1,44 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.msgTopologyOperator.enabled .Values.msgTopologyOperator.rbac.create -}} +{{- $readonlyVerbs := list "get" "list" "watch" }} +{{- $allVerbs := list "create" "delete" "deletecollection" "get" "list" "patch" "update" "watch" }} +{{- $roles := dict "view" $readonlyVerbs "edit" $allVerbs "admin" $allVerbs }} +{{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.msgTopologyOperator.image "chart" .Chart ) ) }} +{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} +{{- range $role, $verbs := $roles -}} +--- +apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }} +kind: ClusterRole +metadata: + name: {{ template "rmqco.msgTopologyOperator.fullname.namespace" $ }}-{{ $role }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: messaging-topology-operator + app.kubernetes.io/part-of: rabbitmq + rbac.authorization.k8s.io/aggregate-to-{{ $role }}: "true" + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - rabbitmq.com + resources: + - bindings + - exchanges + - federations + - operatorpolicies + - permissions + - policies + - queues + - schemareplications + - shovels + - superstreams + - topicpermissions + - users + - vhosts + verbs: {{ $verbs | toYaml | nindent 6 }} +{{ end }} +{{- end -}}