From 9f1c81cf4d4c6a49f35470993f6fa337973b3546 Mon Sep 17 00:00:00 2001
From: Predrag Knezevic <pknezevi@redhat.com>
Date: Tue, 8 Sep 2020 14:30:23 +0200
Subject: [PATCH] Add system:authenticated exception for HelmChartRepository
 CRs used by console

HelmChartRepository instances keep Helm chart repository configuration.
By default users are able to browse charts from all configured repositories through console
---
 test/extended/authorization/rbac/groups_default_rules.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/extended/authorization/rbac/groups_default_rules.go b/test/extended/authorization/rbac/groups_default_rules.go
index 8a41f792f66e..18d6f0ecffad 100644
--- a/test/extended/authorization/rbac/groups_default_rules.go
+++ b/test/extended/authorization/rbac/groups_default_rules.go
@@ -120,6 +120,10 @@ var (
 			// The console team is working on eliminating this exception in the near future
 			rbacv1helpers.NewRule(read...).Groups(consoleGroup).Resources("consoleclidownloads", "consolelinks", "consoleexternalloglinks", "consolenotifications", "consoleyamlsamples").RuleOrDie(),
 
+			// HelmChartRepository instances keep Helm chart repository configuration
+			// By default users are able to browse charts from all configured repositories through console UI
+			rbacv1helpers.NewRule("get", "list").Groups("helm.openshift.io").Resources("helmchartrepositories").RuleOrDie(),
+
 			// TODO: remove when openshift-apiserver has removed these
 			rbacv1helpers.NewRule("get").URLs(
 				"/healthz/",