From a6ea5bcb100a4fefbadf70ee343548dd5e83363a Mon Sep 17 00:00:00 2001
From: treydock <tdockendorf@osc.edu>
Date: Wed, 3 Apr 2024 10:48:13 -0400
Subject: [PATCH] Give PAAS access to cert-manager resources (#232)

* Give PAAS access to cert-manager resources

* Only manage cert-manager RBAC if API resources are present
---
 .github/workflows/test.yaml            |  6 ++++++
 charts/paas/Chart.yaml                 |  2 +-
 charts/paas/README.md                  |  2 +-
 charts/paas/templates/clusterrole.yaml | 20 ++++++++++++++++++++
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index bd97977..816e654 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -95,6 +95,12 @@ jobs:
         run: |
           helm repo add kyverno https://kyverno.github.io/kyverno/
           helm install kyverno kyverno/kyverno -n kyverno --create-namespace --version 3.1.4
+      # TODO: Implement if/when need to validate with cert-manager resources
+      #- name: Install cert-manager
+      #  if: matrix.chart == 'paas'
+      #  run: |
+      #    helm repo add jetstack https://charts.jetstack.io
+      #    helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --version v1.14.4 --set installCRDs=true
       - name: Add namespaces
         run: kubectl create namespace ${{ matrix.chart }}
       - name: Run chart-testing (install)
diff --git a/charts/paas/Chart.yaml b/charts/paas/Chart.yaml
index 5ebe3ee..895caa2 100644
--- a/charts/paas/Chart.yaml
+++ b/charts/paas/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: paas
 description: OSC PAAS bootstrap Helm Chart
 type: application
-version: 0.1.1
+version: 0.2.0
 appVersion: "0.1.0"
 maintainers:
   - name: treydock
diff --git a/charts/paas/README.md b/charts/paas/README.md
index 9dab7f5..d781800 100644
--- a/charts/paas/README.md
+++ b/charts/paas/README.md
@@ -1,6 +1,6 @@
 # paas
 
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
 
 OSC PAAS bootstrap Helm Chart
 
diff --git a/charts/paas/templates/clusterrole.yaml b/charts/paas/templates/clusterrole.yaml
index c414474..bbf758d 100644
--- a/charts/paas/templates/clusterrole.yaml
+++ b/charts/paas/templates/clusterrole.yaml
@@ -67,3 +67,23 @@ rules:
     - patch
     - update
     - delete
+{{ if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}}
+- apiGroup: ["cert-manager.io"]
+  resources:
+    - certificates
+    - certificaterequests
+  verbs:
+    - get
+    - list
+    - watch
+{{ end -}}
+{{ if .Capabilities.APIVersions.Has "acme.cert-manager.io/v1" -}}
+- apiGroup: ["acme.cert-manager.io"]
+  resources:
+    - orders
+    - challenges
+  verbs:
+    - get
+    - list
+    - watch
+{{ end -}}