From effe77a8f15d245532d8ccf9cbcb6271fc97495f Mon Sep 17 00:00:00 2001 
From: Cory Latschkowski Date: Thu, 31 Oct 2024 09:46:24 -0500 Subject: [PATCH] update: rbac things --- clusters/default/kustomization.yaml | 1 + .../groups-basic}/cluster-admins-group.yaml | 0 .../groups-basic}/cluster-admins-rolebinding.yaml | 0 .../groups-basic}/cluster-readers-group.yaml | 0 .../groups-basic}/cluster-readers-rolebinding.yaml | 0 .../groups-basic}/kustomization.yaml | 4 ++-- .../groups-workshop}/kustomization.yaml | 5 ++--- .../groups-workshop}/workshop-admins-group.yaml | 0 .../groups-workshop}/workshop-users-group.yaml | 0 .../rbac/overlays/default/kustomization.yaml | 3 +++ .../exclude-cluster-reader-group.yaml | 5 ----- .../overlays/manual-user-config/kustomization.yaml | 9 --------- .../overlays/no-self-provisioner/kustomization.yaml | 3 +++ .../components/fix-kubeadmin-cluster-admin/group.yaml} | 5 +++-- .../fix-kubeadmin-cluster-admin/kustomization.yaml | 1 + scripts/library/ocp.sh | 10 ++++++++++ 16 files changed, 25 insertions(+), 21 deletions(-) rename components/cluster-configs/rbac/{overlays/custom => components/groups-basic}/cluster-admins-group.yaml (100%) rename components/cluster-configs/rbac/{overlays/custom => components/groups-basic}/cluster-admins-rolebinding.yaml (100%) rename components/cluster-configs/rbac/{overlays/custom => components/groups-basic}/cluster-readers-group.yaml (100%) rename components/cluster-configs/rbac/{overlays/custom => components/groups-basic}/cluster-readers-rolebinding.yaml (100%) rename components/cluster-configs/rbac/{overlays/custom => components/groups-basic}/kustomization.yaml (69%) rename components/cluster-configs/rbac/{overlays/workshop => components/groups-workshop}/kustomization.yaml (74%) rename components/cluster-configs/rbac/{overlays/workshop => components/groups-workshop}/workshop-admins-group.yaml (100%) rename components/cluster-configs/rbac/{overlays/workshop => components/groups-workshop}/workshop-users-group.yaml (100%) delete mode 100644 
components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-reader-group.yaml delete mode 100644 components/cluster-configs/rbac/overlays/manual-user-config/kustomization.yaml rename components/{cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-admin-group.yaml => operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/group.yaml} (52%) diff --git a/clusters/default/kustomization.yaml b/clusters/default/kustomization.yaml index 7f0469bc..31e5cdd5 100644 --- a/clusters/default/kustomization.yaml +++ b/clusters/default/kustomization.yaml @@ -10,6 +10,7 @@ resources: # - ../../components/cluster-configs/etcd-backup/overlays/default # - ../../components/cluster-configs/namespace-cleanup/overlays/sandbox +- ../../components/cluster-configs/login/overlays/htpasswd - ../../components/cluster-configs/namespaces/overlays/default - ../../components/cluster-configs/rbac/overlays/no-self-provisioner diff --git a/components/cluster-configs/rbac/overlays/custom/cluster-admins-group.yaml b/components/cluster-configs/rbac/components/groups-basic/cluster-admins-group.yaml similarity index 100% rename from components/cluster-configs/rbac/overlays/custom/cluster-admins-group.yaml rename to components/cluster-configs/rbac/components/groups-basic/cluster-admins-group.yaml diff --git a/components/cluster-configs/rbac/overlays/custom/cluster-admins-rolebinding.yaml b/components/cluster-configs/rbac/components/groups-basic/cluster-admins-rolebinding.yaml similarity index 100% rename from components/cluster-configs/rbac/overlays/custom/cluster-admins-rolebinding.yaml rename to components/cluster-configs/rbac/components/groups-basic/cluster-admins-rolebinding.yaml 
diff --git a/components/cluster-configs/rbac/overlays/custom/cluster-readers-group.yaml b/components/cluster-configs/rbac/components/groups-basic/cluster-readers-group.yaml similarity index 100% rename from components/cluster-configs/rbac/overlays/custom/cluster-readers-group.yaml rename to components/cluster-configs/rbac/components/groups-basic/cluster-readers-group.yaml diff --git a/components/cluster-configs/rbac/overlays/custom/cluster-readers-rolebinding.yaml b/components/cluster-configs/rbac/components/groups-basic/cluster-readers-rolebinding.yaml similarity index 100% rename from components/cluster-configs/rbac/overlays/custom/cluster-readers-rolebinding.yaml rename to components/cluster-configs/rbac/components/groups-basic/cluster-readers-rolebinding.yaml diff --git a/components/cluster-configs/rbac/overlays/custom/kustomization.yaml b/components/cluster-configs/rbac/components/groups-basic/kustomization.yaml similarity index 69% rename from components/cluster-configs/rbac/overlays/custom/kustomization.yaml rename to components/cluster-configs/rbac/components/groups-basic/kustomization.yaml index 04558c32..4fc53102 100644 --- a/components/cluster-configs/rbac/overlays/custom/kustomization.yaml +++ b/components/cluster-configs/rbac/components/groups-basic/kustomization.yaml @@ -1,5 +1,5 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component resources: - cluster-admins-group.yaml diff --git a/components/cluster-configs/rbac/overlays/workshop/kustomization.yaml b/components/cluster-configs/rbac/components/groups-workshop/kustomization.yaml similarity index 74% rename from components/cluster-configs/rbac/overlays/workshop/kustomization.yaml rename to components/cluster-configs/rbac/components/groups-workshop/kustomization.yaml index 68e72145..d1e3f1ad 100644 --- a/components/cluster-configs/rbac/overlays/workshop/kustomization.yaml 
+++ b/components/cluster-configs/rbac/components/groups-workshop/kustomization.yaml @@ -1,8 +1,7 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component resources: - - ../../base - workshop-admins-group.yaml - workshop-users-group.yaml diff --git a/components/cluster-configs/rbac/overlays/workshop/workshop-admins-group.yaml b/components/cluster-configs/rbac/components/groups-workshop/workshop-admins-group.yaml similarity index 100% rename from components/cluster-configs/rbac/overlays/workshop/workshop-admins-group.yaml rename to components/cluster-configs/rbac/components/groups-workshop/workshop-admins-group.yaml diff --git a/components/cluster-configs/rbac/overlays/workshop/workshop-users-group.yaml b/components/cluster-configs/rbac/components/groups-workshop/workshop-users-group.yaml similarity index 100% rename from components/cluster-configs/rbac/overlays/workshop/workshop-users-group.yaml rename to components/cluster-configs/rbac/components/groups-workshop/workshop-users-group.yaml diff --git a/components/cluster-configs/rbac/overlays/default/kustomization.yaml b/components/cluster-configs/rbac/overlays/default/kustomization.yaml index 774a422d..f0d653c3 100644 --- a/components/cluster-configs/rbac/overlays/default/kustomization.yaml +++ b/components/cluster-configs/rbac/overlays/default/kustomization.yaml @@ -1,5 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +components: + - ../../components/groups-basic + resources: - ../../base diff --git a/components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-reader-group.yaml b/components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-reader-group.yaml deleted file mode 100644 index 9026b9b0..00000000 --- a/components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-reader-group.yaml +++ /dev/null 
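Review bot: Adding `../../components/groups-basic` under `components:` makes the default overlay ship the cluster-admins and cluster-readers Group and role-binding manifests, which until now lived only in `overlays/custom`. The same lines are added to `overlays/no-self-provisioner/kustomization.yaml` further down. Those manifests are renamed unchanged and not shown here, so their subjects and any `users:` lists should be checked before this becomes the default. Judging by the file names, membership in `cluster-admins` probably carries cluster-wide admin rights, and a Group applied from git may overwrite members added by hand. I would put a comment above the entry, e.g. `# creates the cluster-admins / cluster-readers groups and bindings; drop this component if groups are managed outside git`.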
@@ -1,5 +0,0 @@ -$patch: delete -kind: Group -apiVersion: user.openshift.io/v1 -metadata: - name: cluster-readers diff --git a/components/cluster-configs/rbac/overlays/manual-user-config/kustomization.yaml b/components/cluster-configs/rbac/overlays/manual-user-config/kustomization.yaml deleted file mode 100644 index 57350f1a..00000000 --- a/components/cluster-configs/rbac/overlays/manual-user-config/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../base - -# patches: -# - path: exclude-cluster-admin-group.yaml -# - path: exclude-cluster-reader-group.yaml diff --git a/components/cluster-configs/rbac/overlays/no-self-provisioner/kustomization.yaml b/components/cluster-configs/rbac/overlays/no-self-provisioner/kustomization.yaml index c4dbcb82..0491c33f 100644 --- a/components/cluster-configs/rbac/overlays/no-self-provisioner/kustomization.yaml +++ b/components/cluster-configs/rbac/overlays/no-self-provisioner/kustomization.yaml @@ -1,6 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +components: + - ../../components/groups-basic + resources: - ../../base diff --git a/components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-admin-group.yaml b/components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/group.yaml similarity index 52% rename from components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-admin-group.yaml rename to components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/group.yaml index dd4e0643..c67f6b0f 100644 --- a/components/cluster-configs/rbac/overlays/manual-user-config/exclude-cluster-admin-group.yaml +++ b/components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/group.yaml 
@@ -1,5 +1,6 @@ -$patch: delete kind: Group apiVersion: user.openshift.io/v1 metadata: - name: cluster-admins + name: rhods-admins +users: + - 'b64:kube:admin' diff --git a/components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/kustomization.yaml b/components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/kustomization.yaml index aed1684e..b9de7cf1 100644 --- a/components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/kustomization.yaml +++ b/components/operators/rhods-operator/instance/components/fix-kubeadmin-cluster-admin/kustomization.yaml @@ -3,3 +3,4 @@ kind: Component resources: - rolebinding.yaml + # - group.yaml diff --git a/scripts/library/ocp.sh b/scripts/library/ocp.sh index d17fc758..327c0551 100644 --- a/scripts/library/ocp.sh +++ b/scripts/library/ocp.sh @@ -2,6 +2,16 @@ # https://mirror.openshift.com/pub/openshift-v4 +ocp_add_admin_user(){ + HT_USERNAME=${1:-admin} + HT_PASSWORD=${2:-$(genpass)} + + htpasswd_ocp_get_file + htpasswd_add_user "${HT_USERNAME}" "${HT_PASSWORD}" + htpasswd_ocp_set_file + htpasswd_validate_user "${HT_USERNAME}" "${HT_PASSWORD}" +} + ocp_check_login(){ oc whoami || return 1 oc cluster-info | head -n1
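Review bot: The new `users:` entry in group.yaml makes the `kube:admin` bootstrap account a standing member of `rhods-admins`, and dropping `$patch: delete` turns the former delete patch into a manifest that creates the group. kubeadmin is meant to be a temporary account that is removed once an identity provider exists, and this patch also enables the htpasswd login overlay, so I would list an identity-provider user here instead. Please also confirm that the literal `'b64:kube:admin'` is the user name the cluster reports for that account, since a mismatch would leave the group without an effective member. The component's kustomization.yaml only carries `# - group.yaml`, so nothing applies the file yet; a comment saying when to enable it would help, e.g. `# - group.yaml  # enable only while kubeadmin still exists`.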
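Review bot: `HT_USERNAME` and `HT_PASSWORD` in `ocp_add_admin_user` are assigned without `local`, so the generated password stays in the calling shell's variables after the call, and none of the four steps checks for failure. If `htpasswd_ocp_get_file` or `htpasswd_add_user` fails, `htpasswd_ocp_set_file` still runs; the helpers are defined outside this hunk, so whether that could write back an incomplete file needs checking. I would scope both variables and stop at the first failing step, as below, assuming the library is sourced by bash, where `local` variables remain visible to the helpers. Nothing in the function grants a role, so the "admin" in its name presumably depends on group membership configured elsewhere.

```shell
ocp_add_admin_user(){
  local HT_USERNAME=${1:-admin}
  local HT_PASSWORD=${2:-$(genpass)}

  htpasswd_ocp_get_file || return 1
  htpasswd_add_user "${HT_USERNAME}" "${HT_PASSWORD}" || return 1
  htpasswd_ocp_set_file || return 1
  htpasswd_validate_user "${HT_USERNAME}" "${HT_PASSWORD}"
}
```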