{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role
metadata:
  name: {{ template "enterprise-logs.tokengenFullname" . }}
  labels:
    {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }}
    {{- with .Values.enterprise.tokengen.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  annotations:
    {{- with .Values.enterprise.tokengen.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    "helm.sh/hook": post-install
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "patch"]
{{- end }}