From c21aa4c86ab4b03f52653b6b35087ce1fec29cd0 Mon Sep 17 00:00:00 2001
From: ugoogalizer <signup@mattcurtis.id.au>
Date: Wed, 1 Mar 2023 08:53:17 +1100
Subject: [PATCH] fix(argo-cd): Added pod exec permission to argo-server Role
 when exec.enabled is True. (#1867)

* Added pods exec to role permissions

The argocd-server Role requires the pods/exec create permission in order to be able to start the web based terminal as per: https://argo-cd.readthedocs.io/en/stable/operator-manual/web_based_terminal/

This brings the Role in line with the ClusterRole change already made

Signed-off-by: ugoogalizer <signup@mattcurtis.id.au>

* bumped version

Signed-off-by: ugoogalizer <signup@mattcurtis.id.au>

* Added description of change

Signed-off-by: ugoogalizer <signup@mattcurtis.id.au>

* Removed trailing whitespace

Signed-off-by: ugoogalizer <signup@mattcurtis.id.au>

---------

Signed-off-by: ugoogalizer <signup@mattcurtis.id.au>
Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
Co-authored-by: Petr Drastil <petr.drastil@gmail.com>
---
 charts/argo-cd/Chart.yaml                        | 6 +++---
 charts/argo-cd/templates/argocd-server/role.yaml | 8 ++++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index 5d082b2b..cd17b7ce 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v2.6.3
 kubeVersion: ">=1.22.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.23.3
+version: 5.23.4
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -23,5 +23,5 @@ dependencies:
     condition: redis-ha.enabled
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Upgrade Argo CD to v.2.6.3
+    - kind: added
+      description: Added pod exec permission to argo-server Role when exec.enabled is True.
diff --git a/charts/argo-cd/templates/argocd-server/role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml
index f4c5d533..477aa7a3 100644
--- a/charts/argo-cd/templates/argocd-server/role.yaml
+++ b/charts/argo-cd/templates/argocd-server/role.yaml
@@ -42,3 +42,11 @@ rules:
   verbs:
   - create
   - list
+{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
+- apiGroups:
+  - ""
+resources:
+  - pods/exec
+verbs:
+  - create
+{{- end }}