add the option to add labels to mirrord user roles (#124)

metalbear-co · Nov 22, 2024 · cf3ee7b · cf3ee7b
1 parent 1101406
commit cf3ee7b
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 1 deletion.
diff --git a/mirrord-operator/Chart.yaml b/mirrord-operator/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.10.6
+version: 1.11.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/mirrord-operator/templates/cluster-role.yaml b/mirrord-operator/templates/cluster-role.yaml
@@ -156,6 +156,9 @@ metadata:
   name: mirrord-operator-user
   labels:
     {{- include "mirrord-operator.labels" . | nindent 4 }}
+    {{- if index .Values.clusterRole "mirrord-operator-user" "labels" }}
+          {{- toYaml (index .Values.clusterRole "mirrord-operator-user" "labels") | nindent 4 }}
+    {{- end }}
 rules:
 {{- include "mirrord-operator.rules" . | nindent 0 }}
 {{- include "mirrord-operator.clusterRules" . | nindent 0 }}
@@ -166,5 +169,8 @@ metadata:
   name: mirrord-operator-user-basic
   labels:
     {{- include "mirrord-operator.labels" . | nindent 4 }}
+    {{- if index .Values.clusterRole "mirrord-operator-user-basic" "labels" }}
+          {{- toYaml (index .Values.clusterRole "mirrord-operator-user-basic" "labels") | nindent 4 }}
+    {{- end }}
 rules:
 {{- include "mirrord-operator.clusterRules" . | nindent 0 }}
diff --git a/mirrord-operator/templates/namespaced-role.yaml b/mirrord-operator/templates/namespaced-role.yaml
@@ -6,6 +6,9 @@ metadata:
   namespace: {{.}}
   labels:
     {{- include "mirrord-operator.labels" $ | nindent 4 }}
+    {{- if index .Values.role "mirrord-operator-user" "labels" }}
+          {{- toYaml (index .Values.role "mirrord-operator-user" "labels") | nindent 4 }}
+    {{- end }}
 rules:
 {{- include "mirrord-operator.rules" . | nindent 0 }}
 ---

diff --git a/mirrord-operator/values.yaml b/mirrord-operator/values.yaml
@@ -13,6 +13,20 @@ createNamespace: true
 ## and it can be bound via rolebinding (That you need to create yourself).
 roleNamespaces: []
 
+role:
+  # Note there's a cluster role version of it below.
+  mirrord-operator-user:
+    # add labels to the role, for i.e aggregate RBAC
+    labels: {}
+
+clusterRole:
+  mirrord-operator-user-basic:
+    # add labels to the role, for i.e aggregate RBAC
+    labels: {}
+  mirrord-operator-user:
+    # add labels to the role, for i.e aggregate RBAC
+    labels: {}
+
 operator:
   image: ghcr.io/metalbear-co/operator
   podAnnotations: {}

diff --git a/test_values/operator_role_labels.yaml b/test_values/operator_role_labels.yaml
@@ -0,0 +1,25 @@
+license:
+  file:
+    secret: mirrord-operator-license
+    data:
+      license.pem: "DOESN'TNEEDTOBOOTSOITCANBEINVALID"
+
+role:
+  # Note there's a cluster role version of it below.
+  mirrord-operator-user:
+    # add labels to the role, for i.e aggregate RBAC
+    labels:
+      rbac.authorization.k8s.io/aggregate-to-admin: "true"
+      rbac.authorization.k8s.io/aggregate-to-edit: "true"
+
+clusterRole:
+  mirrord-operator-user-basic:
+    # add labels to the role, for i.e aggregate RBAC
+    labels:
+      rbac.authorization.k8s.io/aggregate-to-admin: "true"
+      rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  mirrord-operator-user:
+    # add labels to the role, for i.e aggregate RBAC
+    labels:
+      rbac.authorization.k8s.io/aggregate-to-admin: "true"
+      rbac.authorization.k8s.io/aggregate-to-edit: "true"