From 6ccc706f0abe6327e4510b5f0de177e15947b611 Mon Sep 17 00:00:00 2001
From: Meera Belur <mbelur@suse.com>
Date: Thu, 22 Feb 2024 08:03:43 -0800
Subject: [PATCH] Csp adapter 3.0.1 rc2 (#3501)

---
 ...ancher-csp-adapter-103.0.1+up3.0.1-rc2.tgz | Bin 0 -> 2143 bytes
 .../103.0.1+up3.0.1-rc2/Chart.yaml            |  17 +++
 .../templates/_helpers.tpl                    |  57 +++++++++
 .../templates/deployment.yaml                 |  48 ++++++++
 .../103.0.1+up3.0.1-rc2/templates/rbac.yaml   | 114 ++++++++++++++++++
 .../templates/serviceAccount.yaml             |  17 +++
 .../103.0.1+up3.0.1-rc2/values.yaml           |  24 ++++
 index.yaml                                    |  21 ++++
 packages/rancher-csp-adapter/package.yaml     |   4 +-
 release.yaml                                  |   2 +
 10 files changed, 302 insertions(+), 2 deletions(-)
 create mode 100644 assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1-rc2.tgz
 create mode 100644 charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/Chart.yaml
 create mode 100644 charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/_helpers.tpl
 create mode 100644 charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/deployment.yaml
 create mode 100644 charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/rbac.yaml
 create mode 100644 charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/serviceAccount.yaml
 create mode 100644 charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/values.yaml

diff --git a/assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1-rc2.tgz b/assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1-rc2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..3c692fb1906b1b5909aea2b87058955c690301d7
GIT binary patch
literal 2143
zcmV-l2%z^LiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI@bbKAHP&olpu9cDV|wMUAQWhddZo$)EY#M86vv6Z}ZIvxmI
zNvJ`92Y~YVT>bAI@IxXc>cfibw0GKvL?(d!0I<71ETD*>6I346iAN%m7*ws^gec=b
zkeI)E77BtOIO%q?|AQb{{=eNhK7Q5i9-ka{gX2#7=vB}@4m#ae5Im3g&6H|G)T`jD
zWi1=`e?mkEX^3G`=+FV6#1JmWJ|)I*^qFi?RECWhMj;e?rLkMYbi&DlCrFGTT<1NZ
zcXI`&`L1dlHDOVNA_Ui{6y3%ycj*wlDJspR2;t4&{t9isbL0nJ0DrMR-`k&W8i!h4
zbV4YGkbkW1a!)^KgK^_PsYBpQq`x$_Ca7X&w70oe=~y+@JN~;u^NznkafKX-#$qxX
zT(ohNrZT}0Vj{>GV-&_A3HwrtpLQIQB=bLy{J?K}igug`HB~Gz+2<aYX#_W@ri>z7
zDLG{kD!3r(4o$)d#d1AiBvrZ2K3qt_j8wY(;sBs9%<xPR4P;E1&<0XX#^^ii4VzC_
zJIGZ0bDAtv{npO%8>FWAKP5ax{d@^vTl^0?C(H4_b9{1$|1Uui4%2Z6Bf>R0uOZbK
zWu6`36uC^S_ktAs0Xz`WfKHP{DuWR)0f~}PN^Rh9BAi~x2unr|i^&*mLQ$AVZ9~Ju
z+}~Tx0nLzc2-AhL17u9DQqHd=XY?V2^HE=#D}~wyH)qV{knkdF8J>v)$iw;v9Fdfp
zYaBCetZdhH93wfZBG<t`{^>ZcfsIP7fN4lI6JsEdC^jVqd#B%nnJ^7S4y42&#Hltg
zL~Fc_jS&zH1T<2G#!iZvAQVQu(J)Uz;DJW8t<GyuNTL{9k)%4C>{u#<2n}IeJFiI;
zF{>ou1C?rnQSVfTU^ArEm>96h!LAAd)yZ5T6lBOT0?zIbhREf;L+-PrUbK{p13)O1
zsWAOC9-_+T20%%U{VXiI?jg|rZm22#8;lc94C>bH1bKo=`zHB{RInxfcRHP5DgM9h
zwu3|be+hbg^dQ0!69{f)5BQu6k!u&c+05d`X0T=lqljQObDVXIWNMPs^rRTE@dZh8
zj<y5MK0Sd)Ulu`_Nl|4JC!7&MaVJ)k&<WmT(R#t7JQ8G$JF%HaZES46L1UO0=d3iU
zDJm~jd?y|S)NNu>H0@@QE+*A>U?cFq<nWE$>+G{limOe2nJ%&gzSr|^R$R#qxyI}d
z*L7Cfwx~t!buR6uoaycQ5fRmNtmUa%OPQ_a9J2H{x1rSAekhaP2J`YRyI7c`i`yuN
z7q_aw7mWty_@q3bHR6)_utYIoM&SNIx7@uL)J!fE!JpxeOi-RiO<TtQ4qS3yxOh3r
zeH*-g*ExRw?)c<5@S{8BBUOH?JqtO!wohX6s}yzxsEk`W)!3>tSkc2>YG0b*<=@{r
z9{%2FbN-Jo;qt*A0>0)nxF!D|wL9&4{_h0sqoYIqe+jCVh)9y?*0k;1F%gCEVZQcG
zjD|$S5PO)&OE-^?;OAxHEDC21zEinPCrB+DjU1_wDnGQv#L&r48RW=60A!$}Nldvr
zi;)%8Eb$tX4Qv2PRV+~{3}FJ*e5egc(*+-|FuZp<82og0`{C?|&mZTF09nZ-7gPlA
z>|hQ5hM!Yu<{}$8eYw53{BX8~S$4eM#P09!Zf-9>53W8BZhM#gAJ0EtoL;T+eDnA?
zpTI3R4Q8`9o22wF2j@SY_f7}rm;I*;s)M<8qI##jPiMC`XT9sQ!Bb?^P~KYZpDu3(
z{nHC8U@$oEH>~G+2`d0_t(5E2e(%%S_3f9l>znh-{yxH%kz!3&UTRqyy%wkVFq>62
zRyNpQ6lq{K3s;&A8P_DP4*?a8s&yN8h2>Hgn9bZ3eArM1sY;njp2m1#0b<49?cB%q
z+Z8dB5L#$xOKYB8W9UWY36=4atopy8+$_VjM~RnnueIxRm@}osTPU}}Mj?qV1%D_?
zHWegUu*r+-rv<iMGnY@Aj9gj08m-nDlb5T)n%>1;$;)^_x7)27pN;5Oxh{078u_gg
z+JT-#oAI9-68iP`09){1H#q4o)qhS--nI|;?<J^;|FYF4shLQ{e$6tofA>!NOfEoS
zkK5>@t|iA^P@zZj{+>OrJ1XTiNO?dK_EE_+$s(3lxv^Z_W@c9hTBeF((W}_0F&f3F
zb^xZRhDF;L%~!HbH7ZfTB)Zbm8dLOsBC4rt>Hf+6FKAg2Kot^$`^wNcym+eRO-N|-
zhz2;bx}5fZ&UF6c-kuLu?IH;)kWF>Bu3APCR%G3VeY2w={KcTKYU{OPXsV5j%a2*f
zh&8OzI-#ED?C*^~FcC2^-pwi1(6J7AjU(Hwv~`0>2Vm9zcl3Il4*!MJ6vpRlZfY3F
z*#;_iI$7>9e>;aUwXk=q9_yl9e#^G(au!uR)#H{=H#<a`&BAvGAx#YO3VuwI{eorv
zthuKVH60r4*l$xj#hZpj-(9!IevY@r<6hL$zBOh!(DTt|{9iw-?t2p0_Wq~c?Jn1U
z-yZ6}FGIUs6+!*3XxpIr-Jkzm@xHS%x^hiq{~Qs<!95@4uV?Oc`MM^1l~deQeqTOY
z0g>Ma5)oyuR<fYA@-C+)t?ANlA@@=s(Cp#kT<p@L8h7QMs`j+9OdU(X_8H6OyWZ)|
z7b;`D^tcxQ@AT3Yo}ECCC=r7FhurIskvOc@09P+!XS2`_Yb|w}-^teI{ZJA*(18wg
Vp#MqwPXGV_|NlKa{D%NE0063rA+Z1e

literal 0
HcmV?d00001

diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/Chart.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/Chart.yaml
new file mode 100644
index 0000000000..d1bf32ad67
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/Chart.yaml
@@ -0,0 +1,17 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Rancher CSP Adapter
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+  catalog.cattle.io/namespace: cattle-csp-adapter-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+  catalog.cattle.io/release-name: rancher-csp-adapter
+  catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 3.0.1-rc2
+description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors Rancher
+  entitlements against usage.
+name: rancher-csp-adapter
+version: 103.0.1+up3.0.1-rc2
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/_helpers.tpl b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/_helpers.tpl
new file mode 100644
index 0000000000..e263a0e7c1
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/_helpers.tpl
@@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+    {{- if .Values.aws.enabled -}}
+aws
+    {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+    {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+    true
+    {{- else -}}
+    false
+    {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+    {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+    {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+    {{- else -}}
+    {{- "" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/deployment.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/deployment.yaml
new file mode 100644
index 0000000000..935120f0ca
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/deployment.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Chart.Name }}
+    spec:
+      containers:
+      - env:
+        - name: CATTLE_DEBUG
+          value: {{ .Values.debug | quote }}
+        - name: CATTLE_DEV_MODE
+          value: {{ .Values.devMode | quote }}
+        - name: K8S_OUTPUT_CONFIGMAP
+          value: '{{ template "csp-adapter.outputConfigMap"  }}'
+        - name: K8S_OUTPUT_NOTIFICATION
+          value: '{{ template "csp-adapter.outputNotification" }}'
+        - name: K8S_CACHE_SECRET
+          value: '{{ template "csp-adapter.cacheSecret"  }}'
+        - name: K8S_HOSTNAME_SETTING
+          value: '{{ template "csp-adapter.hostnameSetting"  }}'
+        - name: K8S_RANCHER_VERSION_SETTING
+          value: '{{ template "csp-adapter.versionSetting"  }}'
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: {{ .Chart.Name }}
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+        volumeMounts:
+          - mountPath: /etc/ssl/certs/rancher-cert.pem
+            name: tls-ca-volume
+            subPath: ca-additional.pem
+            readOnly: true
+{{- end }}
+      serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+      volumes:
+        - name: tls-ca-volume
+          secret:
+            defaultMode: 0444
+            secretName: tls-ca-additional
+{{- end }}
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/rbac.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/rbac.yaml
new file mode 100644
index 0000000000..6d17d8c1b8
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/rbac.yaml
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - ranchermetrics
+  verbs:
+  - get
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  resourceNames:
+  - {{ template "csp-adapter.outputNotification" }}
+  verbs:
+  - "*"
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - rancherusernotifications
+  verbs:
+  - create
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - settings
+  resourceNames:
+  - {{ template "csp-adapter.hostnameSetting"  }}
+  - {{ template "csp-adapter.versionSetting"  }}
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-crb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Chart.Name }}-role
+  namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ template "csp-adapter.cacheSecret"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - {{ template "csp-adapter.outputConfigMap"  }}
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-binding
+  namespace: cattle-csp-adapter-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}
+    namespace: cattle-csp-adapter-system
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/serviceAccount.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/serviceAccount.yaml
new file mode 100644
index 0000000000..fa8f63e7fb
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/templates/serviceAccount.yaml
@@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+  {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+  {{- else -}}
+  {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+  {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: cattle-csp-adapter-system
+  {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+  {{- end }}
diff --git a/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/values.yaml b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/values.yaml
new file mode 100644
index 0000000000..65b2220be5
--- /dev/null
+++ b/charts/rancher-csp-adapter/103.0.1+up3.0.1-rc2/values.yaml
@@ -0,0 +1,24 @@
+debug: false
+# used for development only - not supported in production
+devMode: false
+
+image:
+  repository: rancher/rancher-csp-adapter
+  tag: v3.0.1-rc2
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+  enabled: false
+  accountNumber: ""
+  roleName: ""
diff --git a/index.yaml b/index.yaml
index a41ca71683..5b7924fb30 100755
--- a/index.yaml
+++ b/index.yaml
@@ -9497,6 +9497,27 @@ entries:
     - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz
     version: 1.0.100
   rancher-csp-adapter:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: Rancher CSP Adapter
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
+      catalog.cattle.io/namespace: cattle-csp-adapter-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux
+      catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+      catalog.cattle.io/release-name: rancher-csp-adapter
+      catalog.cattle.io/scope: management
+    apiVersion: v2
+    appVersion: 3.0.1-rc2
+    created: "2024-02-21T06:37:00.31873503-08:00"
+    description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+      Rancher entitlements against usage.
+    digest: da736b089a518c292c37931568ed8415a8f1fb4db49a39e92399f5921d220c67
+    name: rancher-csp-adapter
+    urls:
+    - assets/rancher-csp-adapter/rancher-csp-adapter-103.0.1+up3.0.1-rc2.tgz
+    version: 103.0.1+up3.0.1-rc2
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/display-name: Rancher CSP Adapter
diff --git a/packages/rancher-csp-adapter/package.yaml b/packages/rancher-csp-adapter/package.yaml
index 60609453c3..f72884756a 100644
--- a/packages/rancher-csp-adapter/package.yaml
+++ b/packages/rancher-csp-adapter/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/csp-adapter/releases/download/v3.0.0/rancher-csp-adapter-3.0.0.tgz
-version: 103.0.0
+url: https://github.com/rancher/csp-adapter/releases/download/v3.0.1-rc2/rancher-csp-adapter-3.0.1-rc2.tgz
+version: 103.0.1
diff --git a/release.yaml b/release.yaml
index a56da835e5..60ad394c75 100644
--- a/release.yaml
+++ b/release.yaml
@@ -1,3 +1,5 @@
+rancher-csp-adapter:
+  - 103.0.1+up3.0.1-rc2
 rancher-istio:
   - 103.2.0+up1.20.3
 ui-plugin-operator: