From f3c66ecf03a4da3804ee2e64fb6a5559f3f5d167 Mon Sep 17 00:00:00 2001
From: Todd Turner <todd@toddtee.sh>
Date: Fri, 13 Jan 2023 20:56:48 +1000
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20Remove=20Superfluous=20Rule=20fr?=
 =?UTF-8?q?om=20helm-dashboard=20ClusterRole=20(#187)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A superfluous rule is added to the ClusterRole upon creation,
when the dashboard.allowWriteActions value is set to true.
This commit will ensure that only a single rule is created within
the ClusterRole, regardless of whether the dashboard.allowWriteActions
value is enabled or not.
The verbs within this rule will update accordingly.
---
 charts/helm-dashboard/templates/serviceaccount.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/charts/helm-dashboard/templates/serviceaccount.yaml b/charts/helm-dashboard/templates/serviceaccount.yaml
index b93502a..be8d27d 100644
--- a/charts/helm-dashboard/templates/serviceaccount.yaml
+++ b/charts/helm-dashboard/templates/serviceaccount.yaml
@@ -19,11 +19,10 @@ metadata:
 rules:
   - apiGroups: ["*"]
     resources: ["*"]
-    verbs: ["get", "list", "watch"]
   {{- if .Values.dashboard.allowWriteActions }}
-  - apiGroups: ["*"]
-    resources: ["*"]
     verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
+  {{- else }}
+    verbs: ["get", "list", "watch"]
   {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1