From 858509b59a9abefbd020685f842fc29ab9330bf6 Mon Sep 17 00:00:00 2001
From: chiragkyal
Date: Fri, 30 Jun 2023 18:27:32 +0530
Subject: [PATCH] USHIFT-704: [WIP] add aggregate-route cluster role
---
 .../cluster-role-aggregate-route.yaml | 54 +++++++++++++++++++
 pkg/components/controllers.go | 1 +
 scripts/auto-rebase/assets.yaml | 2 +
 3 files changed, 57 insertions(+)
 create mode 100644 assets/components/openshift-router/cluster-role-aggregate-route.yaml
diff --git a/assets/components/openshift-router/cluster-role-aggregate-route.yaml b/assets/components/openshift-router/cluster-role-aggregate-route.yaml
new file mode 100644
index 0000000000..4a8c791d29
--- /dev/null
+++ b/assets/components/openshift-router/cluster-role-aggregate-route.yaml
@@ -0,0 +1,54 @@
+# This ClusterRole will allow access to routes resources.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: aggregate-route
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes/status
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/pkg/components/controllers.go b/pkg/components/controllers.go
index a85060aa95..6646ad784c 100644
--- a/pkg/components/controllers.go
+++ b/pkg/components/controllers.go
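Review bot: Because of the `rbac.authorization.k8s.io/aggregate-to-admin: "true"` label, every rule in this file is folded into the built-in `admin` ClusterRole, so `update` on `routes/status` and `create` on `routes/custom-host` are granted to every namespace admin, and the one-line header comment does not say so. Route status conditions are normally written by the router, so if admins are not expected to run their own routers here that rule is worth dropping; otherwise justify it in place with a comment such as `# admins may run routers that write conditions back to the route`. The final rule (`get`/`list`/`watch` on `routes`) repeats verbs the first rule already grants and can be removed, and the two `routes/status` rules can be merged into one. The `""` apiGroup looks like the legacy OpenShift group; confirm it is actually served in this distribution before granting on it.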
@@ -109,6 +109,7 @@ func startIngressController(ctx context.Context, cfg *config.Config, kubeconfigP
 }
 clusterRole = []string{
 "components/openshift-router/cluster-role.yaml",
+ "components/openshift-router/cluster-role-aggregate-route.yaml",
 }
 apps = []string{
 "components/openshift-router/deployment.yaml",
diff --git a/scripts/auto-rebase/assets.yaml b/scripts/auto-rebase/assets.yaml
index d9aa08090f..5c5b1f78a3 100644
--- a/scripts/auto-rebase/assets.yaml
+++ b/scripts/auto-rebase/assets.yaml
@@ -34,6 +34,8 @@ assets:
 - file: service-internal.yaml
 - file: serving-certificate.yaml
 git_restore: True
+ - file: cluster-role-aggregate-route.yaml
+ ignore: "it's required for adding routes permission in admin clusterrole"
 - dir: components/lvms/
 src: lvms/amd64/