From 9d2ef9cf37c4a2c671c0bbe8ad4116937e993510 Mon Sep 17 00:00:00 2001
From: Zachary Blasczyk
 <77289967+wandb-zacharyblasczyk@users.noreply.github.com>
Date: Mon, 23 Oct 2023 17:20:35 -0500
Subject: [PATCH] feat: Adding support for k8s webhooks secret store (#33)

---
 .gitignore                              |  1 +
 charts/wandb/Chart.yaml                 |  4 ++--
 charts/wandb/templates/_helpers.tpl     | 14 +++++++++++++-
 charts/wandb/templates/role.yaml        | 14 ++++++++++++++
 charts/wandb/templates/rolebinding.yaml | 14 ++++++++++++++
 5 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 charts/wandb/templates/role.yaml
 create mode 100644 charts/wandb/templates/rolebinding.yaml

diff --git a/.gitignore b/.gitignore
index a7e0b4e1..cb3b675e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 *.tgz
 .vscode/
 dryrun.yaml
+license.txt
 test-values.yaml
diff --git a/charts/wandb/Chart.yaml b/charts/wandb/Chart.yaml
index 6b0e96c4..fb879133 100644
--- a/charts/wandb/Chart.yaml
+++ b/charts/wandb/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: wandb
 description: A Helm chart for deploying W&B to Kubernetes
 type: application
-version: 0.2.3
-appVersion: "0.42.0"
+version: 0.3.0
+appVersion: "0.44.1"
 icon: https://wandb.ai/logo.svg
 maintainers:
   - name: wandb
diff --git a/charts/wandb/templates/_helpers.tpl b/charts/wandb/templates/_helpers.tpl
index b8117ae9..3f5316ac 100644
--- a/charts/wandb/templates/_helpers.tpl
+++ b/charts/wandb/templates/_helpers.tpl
@@ -87,4 +87,16 @@ SQL configuration helpers, MySQL 8 needs session variable permissions
 {{- if eq (include "wandb.mysqlVersion" .) "8" }}
 {{- printf "SESSION_VARIABLES_ADMIN," -}}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+
+{{/*
+Secrets Manager Role and Binding
+*/}}
+{{- define "wandb.secretManagerRoleName" -}}
+{{- printf "%s-secret-manager-role" (include "wandb.fullname" .) -}}
+{{- end -}}
+
+{{- define "wandb.secretManagerRoleBindingName" -}}
+{{- printf "%s-secret-manager-binding" (include "wandb.fullname" .) -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/wandb/templates/role.yaml b/charts/wandb/templates/role.yaml
new file mode 100644
index 00000000..2dae05ec
--- /dev/null
+++ b/charts/wandb/templates/role.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "wandb.secretManagerRoleName" . }}
+  labels:
+  {{- include "wandb.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "delete"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get"]
diff --git a/charts/wandb/templates/rolebinding.yaml b/charts/wandb/templates/rolebinding.yaml
new file mode 100644
index 00000000..a27890e6
--- /dev/null
+++ b/charts/wandb/templates/rolebinding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "wandb.secretManagerRoleBindingName" . }}
+  labels:
+  {{- include "wandb.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "wandb.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "wandb.secretManagerRoleName" . }}
+  apiGroup: rbac.authorization.k8s.io