From 52cdb239ff5fe41428e60fa94af99b8bea6f6944 Mon Sep 17 00:00:00 2001
From: Max Sokolovsky
Date: Tue, 6 Sep 2022 16:12:46 -0400
Subject: [PATCH 1/2] Bump rancher-csp-adapter to v1.0.1
---
 packages/rancher-csp-adapter/package.yaml | 4 ++--
 release.yaml | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/packages/rancher-csp-adapter/package.yaml b/packages/rancher-csp-adapter/package.yaml
index bde5bf7b3..55104b6f6 100644
--- a/packages/rancher-csp-adapter/package.yaml
+++ b/packages/rancher-csp-adapter/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/csp-adapter/releases/download/v1.0.0/rancher-csp-adapter-1.0.0.tgz
-version: 1.0.0
+url: https://github.com/rancher/csp-adapter/releases/download/v1.0.1/rancher-csp-adapter-1.0.1.tgz
+version: 1.0.1
diff --git a/release.yaml b/release.yaml
index ce83a0493..ae5510797 100644
--- a/release.yaml
+++ b/release.yaml
@@ -2,3 +2,5 @@ rancher-eks-operator:
 - 100.0.4+up1.1.5-rc1
 rancher-eks-operator-crd:
 - 100.0.4+up1.1.5-rc1
+rancher-csp-adapter:
+ - 1.0.1
From 4d84a7edac8e9a316b8a918d1040975ba5a0ad20 Mon Sep 17 00:00:00 2001
From: Max Sokolovsky
Date: Tue, 6 Sep 2022 16:38:20 -0400
Subject: [PATCH 2/2] Make charts
---
 .../rancher-csp-adapter-1.0.1.tgz | Bin 0 -> 2137 bytes
 charts/rancher-csp-adapter/1.0.1/Chart.yaml | 17 +++
 .../1.0.1/templates/_helpers.tpl | 57 +++++++++
 .../1.0.1/templates/deployment.yaml | 46 +++++++
 .../1.0.1/templates/rbac.yaml | 114 ++++++++++++++++++
 .../1.0.1/templates/serviceAccount.yaml | 17 +++
 charts/rancher-csp-adapter/1.0.1/values.yaml | 22 ++++
 index.yaml | 21 ++++
 8 files changed, 294 insertions(+)
 create mode 100644 assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz
 create mode 100644 charts/rancher-csp-adapter/1.0.1/Chart.yaml
 create mode 100644 charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl
 create mode 100644 charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml
 create mode 100644 charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml
 create mode 100644 charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml
 create mode 100644 charts/rancher-csp-adapter/1.0.1/values.yaml
diff --git a/assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz b/assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1bb4960f808f9f736d03861623ec198eb3730c62 GIT binary patch literal 2137 zcmV-f2&VTRiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH$jZ{xVt^DMys;lPUz^KG$`WygtUg|(`2oTPNCYlPaJPW`lnlLeQe4;f&hl-AmQqw8Lz=OMT|VyoP_AXbvhD; zH&<|)T2(F9oCX1M587JB*sdLN7f;Y$pj1?F58nUvFVJ;*J;$|O__O(WY<|A4MK!Xh zi1_G1+E}!5TRkX^VJ)Ii9x%$|-)eg!lp)p1-aRUJtdi(G=fpWlB=0$c?Se~WNEBw1 zS>vL$Sjra>dJqy$W*8#Z7K!NBoc*F_ktkYyb{*I0S^+9w(nu#wLnh(?Zcr|$k8mZ$ zf(9tzg2+465hFh4YY9^!^EGzhLU5{uRC$X9fLv3}5+M|j8KGQhh!vTkV{KPzQ5Np4 zUE_ZO>f--`uo%_1O8|S~zdJY@RO5edFgV2j*MI;g@yvrMVG3JT%c3Efq1UniBt}9R z$9`COYp2Fq%ur2c9xM{CHJ=HMtC+DX!KnY>!TEF~^p!+~TpK1cCMJX>T+;BB`~*lt z@<*JKnCWYrQKb#{cH1Cn!BA$I3jY2N)ASwCX)YU31+k)h1_UBW7ewRm^as#$svyf@ zKG6tatTapzqBOn*Kok&A=u6Z4 zLYZn=-;p4oMo_}WGFBRc;i>Y##?N z)06eB)(U|5zKFRV#o+{HI!yplFdQWz)_m_>|2qHI7)Fd}RGr&7vIwPebo7Eyu*d&< zN8N74{|EhE@8JKh0gsP11URJ}p6hmi>~)dqXHY?;ELHeP}U& zQ4O_C^Vw~XCbV0bWwd%_)1;W!^R=mPjTcGE^%UCwr#kKDQ7CJl$%4Pa|5NU>IH)rw z=X+?A`#dP*XzhXfhyj~|Xtj$J3XlMedQiIr_KoZWRuNPZXGEQl|{j*1m_Dik(F zX;(*7=X&$wtpn*F6n5wT03#+I%r@>NyMaCV|HwUY%lW_OcKauX{QnwIJR%@bq&kak z%etdH@ZjTW@mp4ingm3Xq!LYc@Q;t+q$h<*kWJmS$&pLTQW5$IC4~%qEo4^zheZ4H zUy{lrYXL}Vk6K>2ndZnv5e=|1pAt7Vg5~o4PClc{@%hi^!_)Ek<>(o#%B9#=X2a9r=d;_Jv*GpG_(@z!720)Wqq*Ei>vqi3Gr#VzO{^SV7V+< zSc2@V_wBG;dK=xE%*rfxcymFf;hL9{Ximdo~LF;}xGF7a6i7KeCYs=1=qnk5KL z;}y|!4?3v*j#4Z+m{#i(36$E2OmKk$q`GOQY@gUE{qg`6Pg1fzvDX4_5;7b9OU@qh zU3{_T%P6Jirl(msx@}UQHYusdswVDi)hRv6@XF$6rgI?z^uX=+`;}Qpa7IPKYr)FO zzIDDjz_*3n^`D#&|K;bvd+NXb;G|bM|2Y}Bhx6Z8fnxoatTu`DTuAzRlGB~L56YpU zP!tZC2~+Y~Fl<&8+J1^*%LGNnEQx0}kcfVgB97ANW*6?Q)^}RzIkXb7^f4coS!{?} zQa?GISfHHby))F`fOxD>@T+M^$Ote`^1yq%E@XB@&G<;iS@X<>~WK zS6%Hvsi}}^SK0hvRAs;J&EBC-MH11hVk(++osuM?Sr)H1tL6;xH;vpVp?0wIW2Hry zw#gl)cuXDRfncS2L*R(L)xhH70$A6M(=63mnw32GnRGRH+C%ZM< 
zhzpdC-9%QuF=ozWf)4Hxz=dbHPwB7p~hMxv=URkJwbmeg; z0N$y}eVmy= 1.22.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-csp-adapter-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/rancher-version: '>= 2.6.6-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-csp-adapter + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.0.1 +description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors Rancher + entitlements against usage. +name: rancher-csp-adapter +version: 1.0.1 diff --git a/charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl b/charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl new file mode 100644 index 000000000..17310f598 --- /dev/null +++ b/charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl 
@@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+ {{- if .Values.aws.enabled -}}
+aws
+ {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+ {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+ true
+ {{- else -}}
+ false
+ {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+ {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+ {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+ {{- else -}}
+ {{- "" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml b/charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml
new file mode 100644
index 000000000..f3e29628a
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml
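Review bot: `csp-adapter.csp` has two different "no provider" results: when `.Values.aws` is unset the `else` branch emits the two literal characters `""`, while `aws.enabled: false` emits nothing. Every caller visible in this patch compares the result with `"aws"`, so both cases fail closed today, but a later emptiness test on the helper would treat the literal `""` as a provider. Deleting the `{{- else -}}` and `""` lines makes the helper render nothing in both cases. Separately, the fallback in `system_default_registry` hard-codes one ECR account and region as the image source; a comment stating who owns that registry and that `global.cattle.systemDefaultRegistry` overrides it would help anyone auditing where the image is pulled from.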
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+ containers:
+ - env:
+ - name: CATTLE_DEBUG
+ value: {{ .Values.debug | quote }}
+ - name: K8S_OUTPUT_CONFIGMAP
+ value: '{{ template "csp-adapter.outputConfigMap" }}'
+ - name: K8S_OUTPUT_NOTIFICATION
+ value: '{{ template "csp-adapter.outputNotification" }}'
+ - name: K8S_CACHE_SECRET
+ value: '{{ template "csp-adapter.cacheSecret" }}'
+ - name: K8S_HOSTNAME_SETTING
+ value: '{{ template "csp-adapter.hostnameSetting" }}'
+ - name: K8S_RANCHER_VERSION_SETTING
+ value: '{{ template "csp-adapter.versionSetting" }}'
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: {{ .Chart.Name }}
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+ volumeMounts:
+ - mountPath: /etc/ssl/certs/rancher-cert.pem
+ name: tls-ca-volume
+ subPath: ca-additional.pem
+ readOnly: true
+{{- end }}
+ serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+ volumes:
+ - name: tls-ca-volume
+ secret:
+ defaultMode: 0444
+ secretName: tls-ca-additional
+{{- end }}
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml b/charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml
new file mode 100644
index 000000000..220c0d434
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml
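Review bot: The container spec sets no `securityContext`, so the adapter runs with whatever user and capabilities the image and runtime default to, while holding the service-account token bound to the roles added in rbac.yaml. A container-level block that disables privilege escalation and drops all capabilities is the usual baseline and is sketched below. `runAsNonRoot` and `readOnlyRootFilesystem` are left commented because they depend on the image, which this page does not show. The pod also declares no `resources` requests or limits.

```yaml
        # … unchanged: env, image, name …
        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          # confirm against the image before enabling:
          # runAsNonRoot: true
          # readOnlyRootFilesystem: true
```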
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - ranchermetrics
+ verbs:
+ - get
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - rancherusernotifications
+ resourceNames:
+ - {{ template "csp-adapter.outputNotification" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - rancherusernotifications
+ verbs:
+ - create
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - settings
+ resourceNames:
+ - {{ template "csp-adapter.hostnameSetting" }}
+ - {{ template "csp-adapter.versionSetting" }}
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Chart.Name }}-role
+ namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - {{ template "csp-adapter.cacheSecret" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ template "csp-adapter.outputConfigMap" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-binding
+ namespace: cattle-csp-adapter-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Chart.Name }}-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
\ No newline at end of file
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml b/charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml
new file mode 100644
index 000000000..fa8f63e7f
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml
@@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+ {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+ {{- else -}}
+ {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+ {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+ {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+ {{- end }}
diff --git a/charts/rancher-csp-adapter/1.0.1/values.yaml b/charts/rancher-csp-adapter/1.0.1/values.yaml
new file mode 100644
index 000000000..afa8e88be
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/values.yaml
@@ -0,0 +1,22 @@
+debug: false
+
+image:
+ repository: rancher/rancher-csp-adapter
+ tag: v1.0.1
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+ enabled: false
+ accountNumber: ""
+ roleName: ""
diff --git a/index.yaml b/index.yaml
index 8dd319acb..23e7492c3 100755
--- a/index.yaml
+++ b/index.yaml
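Review bot: The three rules scoped by `resourceNames` (the `csp-compliance` notification, the `csp-adapter-cache` secret and the `csp-config` configmap) grant the verb `"*"`, which is wider than a read-and-update loop needs and silently picks up any verb added later. Listing the verbs the adapter actually uses, for example `- get`, `- update`, `- patch`, `- delete`, keeps the grant auditable; the exact set has to be confirmed against the adapter code, which is not on this page. The separate `create` rules on `secrets` and `configmaps` are unscoped by necessity, since create cannot be limited by resource name, and a one-line comment such as `# create cannot be restricted by resourceNames` above each would stop a reader from tightening them into a broken state. The file also ends without a trailing newline.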
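Review bot: The `eks.amazonaws.com/role-arn` annotation is assembled from `aws.accountNumber` and `aws.roleName` after only the non-empty check in `csp-adapter.awsValuesSet`, and the value is emitted unquoted. This ARN decides which IAM role the pod assumes, so a malformed value should fail at render time and not at the first AWS call; an account number written unquoted in a values file may also reach the template as a number instead of the twelve digits typed. A guard such as `{{- if not (regexMatch "^[0-9]{12}$" (toString .Values.aws.accountNumber)) }}{{ fail "aws.accountNumber must be 12 digits" }}{{ end }}` next to the existing `fail` calls, plus quoting the annotation value, covers that. The ARN also fixes the partition to `aws`; whether other partitions matter for this chart is not visible here.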
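Review bot: `tolerations: []` is declared in values.yaml, but the deployment template added in this same patch never reads `.Values.tolerations`, so setting it has no effect. Either render it in the pod spec, for example `{{- with .Values.tolerations }}` / `tolerations: {{ toYaml . | nindent 8 }}` / `{{- end }}` under `spec.template.spec`, or drop the key. The comment on `additionalTrustedCAs` could also name the secret and key the template expects, `tls-ca-additional` and `ca-additional.pem`, since both are fixed in deployment.yaml.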
@@ -3562,6 +3562,27 @@ entries:
 - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz
 version: 1.0.100
 rancher-csp-adapter:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher CSP Adapter
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.22.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-csp-adapter-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.6.6-0 < 2.7.0-0'
+ catalog.cattle.io/release-name: rancher-csp-adapter
+ catalog.cattle.io/scope: management
+ apiVersion: v2
+ appVersion: 1.0.1
+ created: "2022-09-06T16:38:05.397109-04:00"
+ description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+ Rancher entitlements against usage.
+ digest: 35a37a41a3105b6c2a585b37191e13cb17b1616eaab628770a80b2ebf33acc38
+ name: rancher-csp-adapter
+ urls:
+ - assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz
+ version: 1.0.1
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/display-name: Rancher CSP Adapter