# Copyright © 2020 Samsung Electronics
# Modifications Copyright © 2023 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Global flag to enable the creation of default roles instead of using
# common roles-wrapper
global:
  createDefaultRoles: false

# Default roles will be created by roles wrapper,
# if "createDefaultRoles=false"
roles:
  - nothing
  # - read
  # - create

# Flag to enable the creation of default roles instead of using
# common roles-wrapper
createDefaultRoles: false
defaultRoles:
  - nothing
  - read
  - create

new_roles_definitions: {}
#  few-read:
#    - apiGroups:
#        -  ""
#      resources:
#        - "pods"
#      verbs:
#        - "get"
#        - "watch"
#        - "list"

role:
  read:
    - apiGroups:
      - "" # "" indicates the core API group
      resources:
      - services
      - pods
      - endpoints
      verbs:
      - get
      - watch
      - list
    - apiGroups:
      - batch
      resources:
      - jobs
      verbs:
      - get
      - watch
      - list
    - apiGroups:
      - batch
      resources:
      - jobs/status
      verbs:
      - get
    - apiGroups:
      - apps
      resources:
      - statefulsets
      - replicasets
      - deployments
      - statefulsets
      - daemonsets
      verbs:
      - get
      - watch
      - list
    - apiGroups:
      - apps
      resources:
      - replicasets/status
      - deployments/status
      - statefulsets/status
      verbs:
      - get
  create:
    - apiGroups:
      - "" # "" indicates the core API group
      - apps
      - batchs
      - extensions
      resources:
      - pods
      - deployments
      - deployments/status
      - jobs
      - jobs/status
      - statefulsets
      - replicasets
      - replicasets/status
      - daemonsets
      - secrets
      - services
      verbs:
      - get
      - watch
      - list
    - apiGroups:
      - "" # "" indicates the core API group
      - apps
      resources:
      - statefulsets
      - configmaps
      verbs:
      - patch
    - apiGroups:
      - "" # "" indicates the core API group
      - apps
      resources:
      - deployments
      - secrets
      - services
      - pods
      verbs:
      - create
    - apiGroups:
      - "" # "" indicates the core API group
      - apps
      resources:
      - pods
      - persistentvolumeclaims
      - secrets
      - deployments
      - services
      verbs:
      - delete
    - apiGroups:
      - "" # "" indicates the core API group
      - apps
      resources:
      - pods/exec
      verbs:
      - create
      - get
    - apiGroups:
      - cert-manager.io
      resources:
      - certificates
      verbs:
      - create
      - delete