From afb9dd3dfdf5ff144c0ea88ad42d69d8a3209195 Mon Sep 17 00:00:00 2001
From: Predrag Knezevic <pknezevi@redhat.com>
Date: Mon, 17 Aug 2020 17:20:29 +0200
Subject: [PATCH] Add RedHat Helm chart repository as default repo in OCP
 payload

Although console endpoint `/api/helm/charts/index.yaml` handles the situation
when there is no HelmChartRepository CR present in the cluster, we should align
us to other default cluster settings and provide the default HelmChartRepository CR in the payload.
Default configuration can be removed/edited by cluster admin.

Prior introducing openshift/console#5933 all authenticated users could browse the charts from the chart repo.
This PR restores that functionality by introducing additional `helm-chartrepos-viewer` ClusterRole,
binding it to all authenticated users.
---
 manifests/01-helm.yaml                     | 10 ++++++++++
 manifests/03-rbac-role-cluster.yaml        | 13 +++++++++++++
 manifests/04-rbac-rolebinding-cluster.yaml | 15 +++++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 manifests/01-helm.yaml

diff --git a/manifests/01-helm.yaml b/manifests/01-helm.yaml
new file mode 100644
index 0000000000..999cf3bcfb
--- /dev/null
+++ b/manifests/01-helm.yaml
@@ -0,0 +1,10 @@
+apiVersion: helm.openshift.io/v1beta1
+kind: HelmChartRepository
+metadata:
+  annotations:
+    "release.openshift.io/create-only": 'true'
+  name: redhat-helm-repo
+spec:
+  name: Red Hat Helm Charts
+  connectionConfig:
+    url: https://redhat-developer.github.io/redhat-helm-charts
diff --git a/manifests/03-rbac-role-cluster.yaml b/manifests/03-rbac-role-cluster.yaml
index 9666f7f118..39be15bae8 100644
--- a/manifests/03-rbac-role-cluster.yaml
+++ b/manifests/03-rbac-role-cluster.yaml
@@ -97,3 +97,16 @@ rules:
   - validatingwebhookconfigurations
   verbs:
   - get
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: helm-chartrepos-viewer
+rules:
+  - apiGroups:
+      - helm.openshift.io
+    resources:
+      - helmchartrepositories
+    verbs:
+      - get
+      - list
diff --git a/manifests/04-rbac-rolebinding-cluster.yaml b/manifests/04-rbac-rolebinding-cluster.yaml
index ce78f66f5e..c9a78b205d 100644
--- a/manifests/04-rbac-rolebinding-cluster.yaml
+++ b/manifests/04-rbac-rolebinding-cluster.yaml
@@ -54,3 +54,18 @@ subjects:
   - kind: ServiceAccount
     name: console
     namespace: openshift-console
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  annotations:
+    "release.openshift.io/create-only": 'true'
+  name: helm-chartrepos-view
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: 'system:authenticated'
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: helm-chartrepos-viewer
\ No newline at end of file