{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ template "redis.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "redis.name" . }}
    chart: {{ template "redis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
rules:
{{- if .Values.podSecurityPolicy.create }}
  - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: [{{ template "redis.fullname" . }}]
{{- end -}}
{{- if .Values.rbac.role.rules }}
{{- toYaml .Values.rbac.role.rules | nindent 2 }}
{{- end -}}
{{- end -}}