change to using extraRules

README.md

@@ -103,15 +103,14 @@ The cluster contains several default security context constraints (SCCs). The av
 
 Example:
 
-
 ```yaml
 role:
   create: true
-
-scc:
-  resourceNames:
-    - privileged
-    - hostnetwork
+  extraRoles:
+    - apiGroups: ["security.openshift.io"]
+      resources: ["securitycontextconstraints"]
+      resourceNames: ["anyuid"]
+      verbs: ["use"]
 ```
 
 For a more comprehensive overview, see the official SCC documentation: [OpenShift SCCs](https://docs.openshift.com/container-platform/4.16/authentication/managing-security-context-constraints.html)

charts/localstack/templates/role.yaml

@@ -19,12 +19,15 @@ rules:
 - apiGroups: [""]
   resources: ["services"]
   verbs: ["get", "list"]
-{{- if .Values.scc }}
-- apiGroups: ["security.openshift.io"]
-  resources: ["securitycontextconstraints"]
-  resourceNames:
-    {{- range .Values.scc.resourceNames }}
-    - {{ . | quote }}
-  verbs: ["use"]
+{{- if .Values.role.extraRoles }}
+  {{- range .Values.role.extraRoles }}
+- apiGroups: {{ toJson .apiGroups | nindent 2 }}
+  resources: {{ toJson .resources | nindent 2 }}
+  {{- if .resourceNames }}
+  resourceNames: {{ toJson .resourceNames | nindent 2 }}
+  {{- end }}
+  verbs: {{ toJson .verbs | nindent 2 }}
+  {{- end }}
 {{- end }}
 {{- end }}
+

charts/localstack/values.yaml

@@ -45,13 +45,6 @@ role:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
-## OpenShift Security Context Constraints.  When set to 'true' it will add SecurityContextConstraings (SCC)
-## to the role
-scc:
-  resourceNames:
-    - anyuid
-    - nonroot
-
 podLabels: {}
 
 podAnnotations: {}