From 48750a44744bd1db3aaac1870075d5082405537b Mon Sep 17 00:00:00 2001
From: Casper Thygesen <cth@trifork.com>
Date: Fri, 20 Mar 2026 07:34:02 +0100
Subject: [PATCH] Added rbac.create flag check for end-user clusterroles in
 helm chart

---
 .../templates/rbac/view-configauditreports-clusterrole.yaml     | 2 ++
 .../templates/rbac/view-exposedsecretreports-clusterrole.yaml   | 2 ++
 .../templates/rbac/view-vulnerabilityreports-clusterrole.yaml   | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/deploy/helm/templates/rbac/view-configauditreports-clusterrole.yaml b/deploy/helm/templates/rbac/view-configauditreports-clusterrole.yaml
index 6212360f7..725d58906 100644
--- a/deploy/helm/templates/rbac/view-configauditreports-clusterrole.yaml
+++ b/deploy/helm/templates/rbac/view-configauditreports-clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
 # permissions for end users to view configauditreports
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -18,3 +19,4 @@ rules:
       - get
       - list
       - watch
+{{- end }}
diff --git a/deploy/helm/templates/rbac/view-exposedsecretreports-clusterrole.yaml b/deploy/helm/templates/rbac/view-exposedsecretreports-clusterrole.yaml
index e713796fe..a3ef8771f 100644
--- a/deploy/helm/templates/rbac/view-exposedsecretreports-clusterrole.yaml
+++ b/deploy/helm/templates/rbac/view-exposedsecretreports-clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
 # permissions for end users to view exposedsecretreports
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -18,3 +19,4 @@ rules:
       - get
       - list
       - watch
+{{- end }}
diff --git a/deploy/helm/templates/rbac/view-vulnerabilityreports-clusterrole.yaml b/deploy/helm/templates/rbac/view-vulnerabilityreports-clusterrole.yaml
index 3731f2573..482eec669 100644
--- a/deploy/helm/templates/rbac/view-vulnerabilityreports-clusterrole.yaml
+++ b/deploy/helm/templates/rbac/view-vulnerabilityreports-clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
 # permissions for end users to view vulnerabilityreports
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -18,3 +19,4 @@ rules:
       - get
       - list
       - watch
+{{- end }}