From 943a400b9a5e351a62bab6715922a83430ba2bd7 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Thu, 28 Dec 2017 22:04:55 -0600
Subject: [PATCH] RBAC: Fix issue with inclusion of empty jobs or daemonsets

Currently, the rbac logic would allow for ``jobs`` or ``daemonsets``
if it is specified in the dependencies, even if they may just be empty
or null.  This patch set addresses this by checking the jobs or
daemonsets map in the value.yaml is non-empty before including it
in the Role.

This mirrors the fix in OSH-infra in [0].

[0] https://review.openstack.org/#/c/530337/1

Change-Id: I37e8d8c1a0d587410811c544e049bbafed73cba8
Signed-off-by: Tin Lam <tin@irrational.io>
---
 .../snippets/_kubernetes_pod_rbac_serviceaccount.tpl          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index 9ad9ccc2f0..73bc903b9a 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -36,9 +36,9 @@ metadata:
 {{- $_ := set $allNamespace $endpointNS (printf "%s%s" "services," ((index $allNamespace $endpointNS) | default "")) }}
 {{- end -}}
 {{- end -}}
-{{- else if eq $k "jobs" }}
+{{- else if and (eq $k "jobs") $v }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "jobs," ((index $allNamespace $saNamespace) | default "")) }}
-{{- else if eq $k "daemonset" }}
+{{- else if and (eq $k "daemonset") $v }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
 {{- end -}}
 {{- end -}}