From 391c439de69073a74b38571b96d37ff56f996b81 Mon Sep 17 00:00:00 2001 From: Vlad Losev Date: Tue, 12 Jan 2021 10:27:30 -0800 Subject: [PATCH] fix(argo): Add RBAC permissions for v2.12. (#541) Signed-off-by: Vlad Losev --- .circleci/chart-testing.yaml | 1 + .circleci/config.yml | 10 ++++++---- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/crds/crd-application.yaml | 4 ++-- charts/argo-cd/crds/crd-project.yaml | 4 ++-- charts/argo-cd/requirements.lock | 6 +++--- charts/argo-cd/requirements.yaml | 4 ++-- charts/argo/Chart.yaml | 4 ++-- charts/argo/requirements.lock | 8 ++++---- charts/argo/requirements.yaml | 4 ++-- .../cluster-workflow-template-crd.yaml | 2 +- charts/argo/templates/cron-workflow-crd.yaml | 4 ++-- .../argo/templates/server-cluster-roles.yaml | 20 +++++++++++++++++++ .../workflow-controller-cluster-roles.yaml | 19 ++++++++++++++++++ charts/argo/templates/workflow-crd.yaml | 2 +- .../argo/templates/workflow-template-crd.yaml | 2 +- charts/argo/values.yaml | 2 +- scripts/publish.sh | 1 - 18 files changed, 70 insertions(+), 29 deletions(-) diff --git a/.circleci/chart-testing.yaml b/.circleci/chart-testing.yaml index f9b5e85a..88308c21 100644 --- a/.circleci/chart-testing.yaml +++ b/.circleci/chart-testing.yaml @@ -1,2 +1,3 @@ chart-repos: - argo=https://argoproj.github.io/argo-helm + - minio=https://helm.min.io/ diff --git a/.circleci/config.yml b/.circleci/config.yml index 4156df56..eef2b982 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -2,23 +2,25 @@ version: 2.1 jobs: lint: docker: - - image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0 + - image: quay.io/helmpack/chart-testing:v3.3.1 steps: - checkout + - run: helm repo add stable https://charts.helm.sh/stable - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml # Technically this only needs to be run on master, but it's good to have it run on every PR # so that it is regularly tested. publish: docker: # We just need an image with `helm` on it. Handily we know of one already. - - image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0 + - image: quay.io/helmpack/chart-testing:v3.3.1 steps: # install the additional keys needed to push to Github. Alex Collins owns these keys. - add_ssh_keys - run: git config --global user.email "nobody@circleci.com" - run: git config --global user.name "Circle CI Build" - checkout - - run: helm init --client-only + - run: helm repo add stable https://charts.helm.sh/stable + - run: helm repo add minio https://helm.min.io/ # Only actually publish charts on master. - run: | set -x @@ -35,4 +37,4 @@ workflows: - lint - publish: requires: - - lint \ No newline at end of file + - lint diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 45acffdd..b280627d 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 1.7.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.11.0 +version: 2.11.1 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/crds/crd-application.yaml b/charts/argo-cd/crds/crd-application.yaml index 5a08d884..9a708978 100644 --- a/charts/argo-cd/crds/crd-application.yaml +++ b/charts/argo-cd/crds/crd-application.yaml 
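Review bot: Both jobs in the first hunk now pull `quay.io/helmpack/chart-testing:v3.3.1` by tag only, and the `publish` job loads the repository's push keys with `add_ssh_keys` inside that image, so whatever the tag resolves to at build time runs with write access to the chart repository. Pinning by digest keeps the version readable and makes the image immutable: `- image: quay.io/helmpack/chart-testing:v3.3.1@sha256:<digest-of-v3.3.1>` (placeholder; take the real digest from the registry). The same job now adds `https://helm.min.io/` as a second chart source, so the digests in the `requirements.lock` files are what tie the packaged dependencies to reviewed versions. The publish script is only partly visible here, so it is worth confirming that it builds from the lock files rather than re-resolving dependencies.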
@@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: @@ -1654,4 +1654,4 @@ spec: versions: - name: v1alpha1 served: true - storage: true \ No newline at end of file + storage: true diff --git a/charts/argo-cd/crds/crd-project.yaml b/charts/argo-cd/crds/crd-project.yaml index 35d9dde9..a911370c 100644 --- a/charts/argo-cd/crds/crd-project.yaml +++ b/charts/argo-cd/crds/crd-project.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: @@ -228,4 +228,4 @@ spec: versions: - name: v1alpha1 served: true - storage: true \ No newline at end of file + storage: true diff --git a/charts/argo-cd/requirements.lock b/charts/argo-cd/requirements.lock index 61752ccb..6b9da354 100644 --- a/charts/argo-cd/requirements.lock +++ b/charts/argo-cd/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha - repository: https://kubernetes-charts.storage.googleapis.com + repository: https://charts.helm.sh/stable version: 4.4.2 -digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96 -generated: "2020-03-29T14:37:59.349371452+01:00" +digest: sha256:21780522f7047d49ccad6d79f79ee3e28b4839df044beea293e2e4fd69610f52 +generated: "2021-01-11T16:15:21.274802-08:00" diff --git a/charts/argo-cd/requirements.yaml b/charts/argo-cd/requirements.yaml index eb6313dd..64a897e3 100644 --- a/charts/argo-cd/requirements.yaml +++ b/charts/argo-cd/requirements.yaml @@ -1,5 +1,5 @@ dependencies: - name: redis-ha version: 4.4.2 - repository: https://kubernetes-charts.storage.googleapis.com - condition: redis-ha.enabled \ No newline at end of file + repository: https://charts.helm.sh/stable + condition: redis-ha.enabled diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 0a90e20f..504be025 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: v2.11.7 +appVersion: v2.12.3 description: A Helm chart for Argo Workflows name: argo -version: 0.14.0 +version: 0.15.0 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/requirements.lock b/charts/argo/requirements.lock index 39f5ecae..37a55e66 100644 --- a/charts/argo/requirements.lock +++ b/charts/argo/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: minio - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 5.0.6 -digest: sha256:373b459c6232e9fd4dd86fa0af01e024372f686a0cdfbfed69d3cd41859e8ad4 -generated: "2020-02-06T00:16:52.211425292Z" + repository: https://helm.min.io/ + version: 8.0.9 +digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260 +generated: "2021-01-11T15:01:01.169105-08:00" diff --git a/charts/argo/requirements.yaml b/charts/argo/requirements.yaml index 869e1975..bd643139 100644 --- a/charts/argo/requirements.yaml +++ b/charts/argo/requirements.yaml @@ -1,5 +1,5 @@ dependencies: - name: minio - version: 5.0.6 - repository: https://kubernetes-charts.storage.googleapis.com/ + version: 8.0.9 + repository: https://helm.min.io/ condition: minio.install diff --git a/charts/argo/templates/cluster-workflow-template-crd.yaml b/charts/argo/templates/cluster-workflow-template-crd.yaml index c9c1cb52..be688da3 100644 --- a/charts/argo/templates/cluster-workflow-template-crd.yaml +++ b/charts/argo/templates/cluster-workflow-template-crd.yaml @@ -1,5 +1,5 @@ {{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterworkflowtemplates.argoproj.io diff --git a/charts/argo/templates/cron-workflow-crd.yaml b/charts/argo/templates/cron-workflow-crd.yaml index 8bf36ab3..923abdf2 100644 --- a/charts/argo/templates/cron-workflow-crd.yaml 
+++ b/charts/argo/templates/cron-workflow-crd.yaml @@ -1,5 +1,5 @@ {{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cronworkflows.argoproj.io @@ -16,4 +16,4 @@ spec: - cwf scope: Namespaced version: v1alpha1 -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/argo/templates/server-cluster-roles.yaml b/charts/argo/templates/server-cluster-roles.yaml index ac51e455..e946dcc7 100644 --- a/charts/argo/templates/server-cluster-roles.yaml +++ b/charts/argo/templates/server-cluster-roles.yaml @@ -24,12 +24,32 @@ rules: - list - watch - delete +{{- if .Values.server.sso }} +- apiGroups: + - "" + resources: + - secrets + resourceNames: + - sso + verbs: + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end}} +{{- if .Values.server.rbac }} - apiGroups: - "" resources: - serviceaccounts verbs: - get + - list +{{- end }} - apiGroups: - "" resources: diff --git a/charts/argo/templates/workflow-controller-cluster-roles.yaml b/charts/argo/templates/workflow-controller-cluster-roles.yaml index 976d49f8..e51f5f4b 100644 --- a/charts/argo/templates/workflow-controller-cluster-roles.yaml +++ b/charts/argo/templates/workflow-controller-cluster-roles.yaml @@ -106,6 +106,25 @@ rules: verbs: - get {{- end}} +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - workflow-controller + - workflow-controller-lease + verbs: + - get + - watch + - update + - patch + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/argo/templates/workflow-crd.yaml b/charts/argo/templates/workflow-crd.yaml index dca2e1bc..44a6fa98 100644 --- a/charts/argo/templates/workflow-crd.yaml +++ b/charts/argo/templates/workflow-crd.yaml 
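Review bot: The `apiVersion` line in cron-workflow-crd.yaml is switched to `apiextensions.k8s.io/v1`, but the second hunk of the same file still shows `version: v1alpha1` next to `scope: Namespaced`, which is the v1beta1 layout. The v1 CRD API has no `spec.version`; it expects a `spec.versions` list whose entries carry `name`, `served`, `storage` and a `schema.openAPIV3Schema`, so the API server is likely to reject this manifest as written. The other CRD templates changed the same way in this commit (cluster-workflow-template-crd.yaml, workflow-crd.yaml, workflow-template-crd.yaml) show only their first lines, so they should be checked for the same leftover. Most of each spec lies outside the hunks, so this is inferred from the visible context lines.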
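Review bot: The SSO rules added under `{{- if .Values.server.sso }}` in server-cluster-roles.yaml sit in a cluster-scoped role, so the second rule (`secrets` with `create` and no `resourceNames`) allows creating Secrets in any namespace if the role is bound with a ClusterRoleBinding (the binding is not in this hunk), and the first allows `get`/`update` on a Secret named `sso` in each of those namespaces. `create` cannot be narrowed by `resourceNames`, so the practical way to limit it is to grant both rules from a namespaced Role and RoleBinding in the release namespace; if the ClusterRole stays, a comment such as `# create cannot be restricted by resourceNames; this permits creating any Secret` above the rule would make the scope explicit. Separately, the new `{{- if .Values.server.rbac }}` guard also wraps the pre-existing `serviceaccounts` `get` rule, so installs that leave `server.rbac` unset lose a permission they had before. The diffstat shows only a one-line change to values.yaml, so neither `server.sso` nor `server.rbac` appears to be documented there by this commit. The rules list starts before and continues after the hunk.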
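Review bot: The two lease rules added to workflow-controller-cluster-roles.yaml are undocumented and hardcode the names `workflow-controller` and `workflow-controller-lease`, so a reader cannot tell what they are for or which controller setting they must match. A comment above the block would help, for example `# Leases used by the workflow controller (added for v2.12); resourceNames must match the lock names the controller uses`, with the purpose confirmed against the controller, since the hunk does not state it. The unnamed `create` rule is needed because `create` cannot be restricted by `resourceNames`, which is worth saying in a second comment, as it lets the controller create any Lease wherever the role is bound. `watch` limited by `resourceNames` is only authorized when the client sends a matching `metadata.name` field selector, so that verb may not take effect as intended. The rules list begins outside the hunk.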
@@ -1,5 +1,5 @@ {{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflows.argoproj.io diff --git a/charts/argo/templates/workflow-template-crd.yaml b/charts/argo/templates/workflow-template-crd.yaml index 55c940d5..757fa098 100644 --- a/charts/argo/templates/workflow-template-crd.yaml +++ b/charts/argo/templates/workflow-template-crd.yaml @@ -1,5 +1,5 @@ {{- if .Values.installCRD }} -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: workflowtemplates.argoproj.io diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index cd7d7603..084e92c4 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -7,7 +7,7 @@ images: # Secrets with credentials to pull images from a private registry pullSecrets: [] # - name: argo-pull-secret - tag: v2.11.7 + tag: v2.12.3 crdVersion: v1alpha1 installCRD: true diff --git a/scripts/publish.sh b/scripts/publish.sh index be918fe4..016b59f8 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -6,7 +6,6 @@ GIT_PUSH=${GIT_PUSH:-false} rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output -helm repo add stable https://kubernetes-charts.storage.googleapis.com helm repo add argoproj https://argoproj.github.io/argo-helm for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);