From 1df577e0898902931f12bdf4a61641ab23a09954 Mon Sep 17 00:00:00 2001
From: Jiaming Hu <Jiaming.Hu@ibm.com>
Date: Tue, 2 Feb 2021 08:52:26 -0500
Subject: [PATCH] create secretshare CR

---
 controllers/bootstrap/init.go       | 28 ++++++++++++++++++++++++++++
 controllers/constant/secretshare.go | 14 ++++++++++++++
 go.mod                              |  2 +-
 main.go                             |  2 ++
 4 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/controllers/bootstrap/init.go b/controllers/bootstrap/init.go
index afada1faf..71a66cbe2 100644
--- a/controllers/bootstrap/init.go
+++ b/controllers/bootstrap/init.go
@@ -19,6 +19,7 @@ package bootstrap
 import (
 	"context"
 	"strconv"
+	"strings"
 	"time"
 
 	olmv1 "github.com/operator-framework/api/pkg/operators/v1"
@@ -420,6 +421,33 @@ func (b *Bootstrap) CreateNsScopeConfigmap() error {
 	return nil
 }
 
+// CreateSecretshareCR creates a secretshare CR for sharing the entitlement key
+func (b *Bootstrap) CreateSecretshareCR(namespace, masterNamespace string) {
+	klog.Info("Creating secretshare CR for entitlement registry secret")
+	dc := discovery.NewDiscoveryClientForConfigOrDie(b.Config)
+	for {
+		exist, err := resourceExists(dc, "ibmcpcs.ibm.com/v1", "SecretShare")
+		if err != nil {
+			klog.Error(err)
+			time.Sleep(20 * time.Second)
+			continue
+		}
+		if !exist {
+			klog.Info("Waiting for SecretShare CRD deployed")
+			time.Sleep(20 * time.Second)
+			continue
+		}
+		entitlementCR := strings.ReplaceAll(constant.SecretshareEntitlementCR, "CR_NAMESPACE", namespace)
+		entitlementCR = strings.ReplaceAll(entitlementCR, "MASTER_NAMESPACE", masterNamespace)
+		if err := b.createOrUpdateFromYaml([]byte(entitlementCR)); err != nil {
+			klog.Error(err)
+			time.Sleep(20 * time.Second)
+			continue
+		}
+		break
+	}
+}
+
 func (b *Bootstrap) deleteSubscription(name, namespace string) error {
 	key := types.NamespacedName{Name: name, Namespace: namespace}
 	sub := &olmv1alpha1.Subscription{}
diff --git a/controllers/constant/secretshare.go b/controllers/constant/secretshare.go
index 73e2be0f2..61d97610f 100644
--- a/controllers/constant/secretshare.go
+++ b/controllers/constant/secretshare.go
@@ -229,3 +229,17 @@ spec:
             memory: 200Mi
       terminationGracePeriodSeconds: 10
 `
+
+// Secretshare Operator CR for entitle registry
+const SecretshareEntitlementCR = `
+apiVersion: ibmcpcs.ibm.com/v1
+kind: SecretShare
+metadata:
+  name: ibm-entitlement-key
+  namespace: CR_NAMESPACE
+spec:
+  secretshares:
+    - secretname: ibm-entitlement-key
+      sharewith:
+        - namespace: MASTER_NAMESPACE
+`
diff --git a/go.mod b/go.mod
index 3a81aff03..16ed814df 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.13
 require (
 	github.com/IBM/ibm-namespace-scope-operator v1.0.1
 	github.com/ghodss/yaml v1.0.0
-	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/onsi/ginkgo v1.12.1
 	github.com/onsi/gomega v1.10.1
 	github.com/operator-framework/api v0.3.10
diff --git a/main.go b/main.go
index 64b09ccf7..d313a9626 100644
--- a/main.go
+++ b/main.go
@@ -105,6 +105,8 @@ func main() {
 			klog.Errorf("Failed to create Namespace Scope ConfigMap: %v", err)
 			os.Exit(1)
 		}
+
+		go bs.CreateSecretshareCR(operatorNs, bs.MasterNamespace)
 	}
 
 	if operatorNs == bs.MasterNamespace || operatorNs == constant.ClusterOperatorNamespace {