make RBAC changes only when role-sync-controller is enabled

demonCoder95 · demonCoder95 · commit 6bda2f6155c6 · 2024-11-25T14:32:09.000+01:00
diff --git a/cluster/manifests/roles/collaborator-roles.yaml b/cluster/manifests/roles/collaborator-roles.yaml
@@ -14,6 +14,7 @@ rules:
   - update
   - patch
   - delete
+{{ if eq .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
 - apiGroups:
   - ""
   resources:
@@ -22,6 +23,7 @@ rules:
   - get
   - list
   - watch
+{{ end }}
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/cluster/manifests/roles/poweruser-role.yaml b/cluster/manifests/roles/poweruser-role.yaml
@@ -58,6 +58,21 @@ rules:
   - services/proxy
   verbs:
   - get
+{{ if ne .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+{{ end }}
 - apiGroups:
   - ''
   - extensions
