apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: eks-connector-service
subjects:
  - kind: ServiceAccount
    name: eks-connector
    namespace: eks-connector
roleRef:
  kind: ClusterRole
  name: eks-connector-service
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: eks-connector-service
rules:
  - apiGroups: [ "" ]
    resources:
      - users
    verbs:
      - impersonate
    resourceNames:
      {{- range $arn := .Values.authentication.allowedUserARNs }}
      - {{ $arn }}
      {{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: eks-connector-view
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
subjects:
  {{- range $arn := .Values.authentication.allowedUserARNs }}
  - kind: User
    name: {{ $arn }}
  {{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: eks-connector-public-info-view
roleRef:
  kind: ClusterRole
  name: system:public-info-viewer
  apiGroup: rbac.authorization.k8s.io
subjects:
  {{- range $arn := .Values.authentication.allowedUserARNs }}
  - kind: User
    name: {{ $arn }}
  {{- end }}