{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}

{{- if and .Values.rbac.create (or .Values.agent.enabled .Values.configAsCode.enabled .Values.rbac.rules) }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
  {{- end }}
rules:
  {{- if .Values.agent.enabled }}
  - apiGroups:
      - ""
    resources:
      - "pods"
      - "pods/exec"
      - "pods/log"
      - "persistentvolumeclaims"
      - "events"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - ""
    resources:
      - "pods"
      - "pods/exec"
      - "persistentvolumeclaims"
    verbs:
      - "create"
      - "delete"
      - "deletecollection"
      - "patch"
      - "update"
  {{- end }}
  {{- if .Values.configAsCode.enabled }}
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    verbs:
      - "get"
      - "watch"
      - "list"
  {{- end }}
  {{- if .Values.rbac.rules }}
  {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
  {{- end }}
{{- end }}