From 697ee4a1da1c7abf50a6ea4159bd14f09195d2e0 Mon Sep 17 00:00:00 2001
From: Dhiraj Bokde
Date: Tue, 28 May 2024 07:30:32 -0700
Subject: [PATCH] feat: add manifests for odh extras resources for editor and viewer role, part of fix for RHOAIENG-5112 (#102)
* feat: add manifests for odh extras resources for editor and viewer role, part of fix for RHOAIENG-5112
* fix: commented app.kubernetes.io/part-of label in mr roles as it will be set by odh operator instead
---
config/overlays/odh/extras/kustomization.yaml | 10 ++++++
.../odh/extras/modelregistry_editor_role.yaml | 32 +++++++++++++++++++
.../odh/extras/modelregistry_viewer_role.yaml | 28 ++++++++++++++++
3 files changed, 70 insertions(+)
create mode 100644 config/overlays/odh/extras/kustomization.yaml
create mode 100644 config/overlays/odh/extras/modelregistry_editor_role.yaml
create mode 100644 config/overlays/odh/extras/modelregistry_viewer_role.yaml
diff --git a/config/overlays/odh/extras/kustomization.yaml b/config/overlays/odh/extras/kustomization.yaml
new file mode 100644
index 0000000..02c1f54
--- /dev/null
+++ b/config/overlays/odh/extras/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Adds odh namespace to all resources.
+namespace: opendatahub
+
+# Extra model registry resources for ODH operator
+resources:
+- modelregistry_editor_role.yaml
+- modelregistry_viewer_role.yaml
diff --git a/config/overlays/odh/extras/modelregistry_editor_role.yaml b/config/overlays/odh/extras/modelregistry_editor_role.yaml
new file mode 100644
index 0000000..3c59b6a
--- /dev/null
+++ b/config/overlays/odh/extras/modelregistry_editor_role.yaml
@@ -0,0 +1,32 @@
+# permissions for end users to edit modelregistries.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: modelregistry-editor-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: model-registry-operator
+# set by odh operator
+# app.kubernetes.io/part-of: model-registry-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: modelregistry-editor-role
+rules:
+- apiGroups:
+ - modelregistry.opendatahub.io
+ resources:
+ - modelregistries
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - modelregistry.opendatahub.io
+ resources:
+ - modelregistries/status
+ verbs:
+ - get
diff --git a/config/overlays/odh/extras/modelregistry_viewer_role.yaml b/config/overlays/odh/extras/modelregistry_viewer_role.yaml
new file mode 100644
index 0000000..dce3122
--- /dev/null
+++ b/config/overlays/odh/extras/modelregistry_viewer_role.yaml
@@ -0,0 +1,28 @@
+# permissions for end users to view modelregistries.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: modelregistry-viewer-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: model-registry-operator
+# set by odh operator
+# app.kubernetes.io/part-of: model-registry-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: modelregistry-viewer-role
+rules:
+- apiGroups:
+ - modelregistry.opendatahub.io
+ resources:
+ - modelregistries
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - modelregistry.opendatahub.io
+ resources:
+ - modelregistries/status
+ verbs:
+ - get
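Review bot: The header comment of `modelregistry_editor_role.yaml`, `# permissions for end users to edit modelregistries.`, does not say how this `ClusterRole` is meant to be bound, and nothing in the patch adds a binding or documents one. Because the object is cluster-scoped, the `namespace: opendatahub` in the extras kustomization most likely does not confine it, so a ClusterRoleBinding to `modelregistry-editor-role` would grant `create`, `delete`, `patch` and `update` on `modelregistries` in every namespace. I would extend the header comment with a line such as `# Bind with a RoleBinding in the user's namespace; a ClusterRoleBinding grants these verbs cluster-wide.` and reword `# Adds odh namespace to all resources.` in the kustomization so it does not suggest the roles are namespaced. The same applies to the header of `modelregistry_viewer_role.yaml`, where the cluster-wide grant would be the read verbs `get`, `list` and `watch`.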