From e234e8d932db7e20e394ca739291a9bda1c7f430 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Thu, 28 Dec 2017 04:28:11 -0600
Subject: [PATCH] RBAC: Fix issue with inclusion of empty jobs or daemonsets

Currently, the rbac logic would allow for ``jobs`` or ``daemonsets``
if it is specified in the dependencies, even if they may just be empty
or null.  This patch set addresses this by checking the jobs or
daemonsets map in the value.yaml is non-empty before including it
in the Role.

Change-Id: I67f940e1e71c371b63d8d1e9b4f47af633a6bfa4
---
 .../snippets/_kubernetes_pod_rbac_serviceaccount.tpl          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index 9ad9ccc2f0..73bc903b9a 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -36,9 +36,9 @@ metadata:
 {{- $_ := set $allNamespace $endpointNS (printf "%s%s" "services," ((index $allNamespace $endpointNS) | default "")) }}
 {{- end -}}
 {{- end -}}
-{{- else if eq $k "jobs" }}
+{{- else if and (eq $k "jobs") $v }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "jobs," ((index $allNamespace $saNamespace) | default "")) }}
-{{- else if eq $k "daemonset" }}
+{{- else if and (eq $k "daemonset") $v }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
 {{- end -}}
 {{- end -}}