{{- define "lib.rbac" -}}
{{- range $k, $v := .Values.rbac }}
{{- $customName := printf "%s-%s" (include "chart.fullname" $) $k }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $v.role.kind }}
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
rules:
{{ $v.role.rules | toYaml | indent 2}}

{{- if $v.serviceAccount }}
---
apiVersion: v1
kind: ServiceAccount
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
---
kind: {{ $v.binding.kind }}
apiVersion: rbac.authorization.k8s.io/v1
{{- include "lib.metadata" (dict "Context" $ "customName" $customName)}}
subjects:

- kind: ServiceAccount
  name: {{ $customName }}
  namespace: {{ $.Release.Namespace }}
roleRef:
  kind: {{ $v.role.kind }}
  name: {{ $customName }}
  apiGroup: rbac.authorization.k8s.io
{{- end  }}
{{- end  }}

{{- end -}}