From 975434f6e8a692ce036511a03da34da7ceb6ce37 Mon Sep 17 00:00:00 2001
From: jm96441n
Date: Fri, 19 Apr 2024 11:54:21 -0400
Subject: [PATCH] remove unnecessary permissions for terminating gateways
---
 .../consul/templates/terminating-gateways-role.yaml | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/charts/consul/templates/terminating-gateways-role.yaml b/charts/consul/templates/terminating-gateways-role.yaml
index 4ae280ca81..51e37664d3 100644
--- a/charts/consul/templates/terminating-gateways-role.yaml
+++ b/charts/consul/templates/terminating-gateways-role.yaml
@@ -16,25 +16,14 @@ metadata:
 release: {{ $root.Release.Name }}
 component: terminating-gateway
 terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
-{{- if (or $root.Values.global.acls.manageSystemACLs $root.Values.global.enablePodSecurityPolicies) }}
-rules:
 {{- if $root.Values.global.enablePodSecurityPolicies }}
+rules:
 - apiGroups: ["policy"]
 resources: ["podsecuritypolicies"]
 resourceNames:
 - {{ template "consul.fullname" $root }}-{{ .name }}
 verbs:
 - use
-{{- end }}
-{{- if $root.Values.global.acls.manageSystemACLs }}
- - apiGroups: [""]
- resources:
- - secrets
- resourceNames:
- - {{ template "consul.fullname" $root }}-{{ .name }}-acl-token
- verbs:
- - get
-{{- end }}
 {{- else }}
 rules: []
 {{- end }}
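Review bot: Nothing in this patch confirms that the gateway pod has stopped reading the `{{ template "consul.fullname" $root }}-{{ .name }}-acl-token` secret through the Kubernetes API, and the diffstat shows only this Role template changed. The deleted `secrets`/`get` rule was the only grant for that secret in this Role, so with `global.acls.manageSystemACLs` on and `global.enablePodSecurityPolicies` off the Role now renders `rules: []`. If the gateway really obtains its token another way (presumably the reason for the commit), this is a sound least-privilege tightening. It would still benefit from a template comment above the new `rules:` line so the grant is not re-added later, e.g. `{{- /* No secrets access: the gateway does not read an ACL-token secret via the Kubernetes API. */}}`. A render check for that value combination asserting an empty rule list would pin the behaviour; the Role definition itself starts above this hunk.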