From cca99cb3bfe97345a66987564365111f1880d9f3 Mon Sep 17 00:00:00 2001
From: tchughesiv <tchughesiv@gmail.com>
Date: Tue, 26 Mar 2019 15:19:37 -0500
Subject: [PATCH 1/5] [RHPAM-1970] add init containers for DB checks

Signed-off-by: tchughesiv <tchughesiv@gmail.com>
---
 config/dbs/mysql.yaml      | 11 +++++++++++
 config/dbs/postgresql.yaml | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/config/dbs/mysql.yaml b/config/dbs/mysql.yaml
index f8e89e5b5..508ac8287 100644
--- a/config/dbs/mysql.yaml
+++ b/config/dbs/mysql.yaml
@@ -9,6 +9,17 @@ servers:
         spec:
           template:
             spec:
+              initContainers:
+                - command:
+                    [
+                      "sh",
+                      "-c",
+                      "until nslookup [[.KieName]]-mysql && nc -vz [[.KieName]]-mysql 3306; do echo waiting for [[.KieName]]-mysql; sleep 2; done;",
+                    ]
+                  image: busybox
+                  imagePullPolicy: IfNotPresent
+                  name: "[[.KieName]]-mysql-init"
+                  terminationMessagePolicy: FallbackToLogsOnError
               containers:
                 - name: "[[.KieName]]"
                   env:
diff --git a/config/dbs/postgresql.yaml b/config/dbs/postgresql.yaml
index 37c43d18e..54d6ada9f 100644
--- a/config/dbs/postgresql.yaml
+++ b/config/dbs/postgresql.yaml
@@ -9,6 +9,17 @@ servers:
         spec:
           template:
             spec:
+              initContainers:
+                - command:
+                    [
+                      "sh",
+                      "-c",
+                      "until nslookup [[.KieName]]-postgresql && nc -vz [[.KieName]]-postgresql 5432; do echo waiting for [[.KieName]]-postgresql; sleep 2; done;",
+                    ]
+                  image: busybox
+                  imagePullPolicy: IfNotPresent
+                  name: "[[.KieName]]-postgresql-init"
+                  terminationMessagePolicy: FallbackToLogsOnError
               containers:
                 - name: "[[.KieName]]"
                   env:

From 5daf86b876b0a8a2ff23c45c18c0b322939de63f Mon Sep 17 00:00:00 2001
From: tchughesiv <tchughesiv@gmail.com>
Date: Wed, 27 Mar 2019 12:05:35 -0500
Subject: [PATCH 2/5] change documentation link in csv

Signed-off-by: tchughesiv <tchughesiv@gmail.com>
---
 .../kiecloud-operator.v1.0.0.clusterserviceversion.yaml         | 2 +-
 ...usinessautomation-operator.v1.0.0.clusterserviceversion.yaml | 2 +-
 deploy/catalog_resources/redhat/catalog-source.yaml             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml b/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml
index 58c4cb4f2..c9305f265 100644
--- a/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml
+++ b/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml
@@ -39,7 +39,7 @@ spec:
     - name: Product Page
       url: https://access.redhat.com/products/red-hat-process-automation-manager
     - name: Documentation
-      url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.2/html-single/installing_and_configuring_red_hat_process_automation_manager_on_red_hat_jboss_eap_7.2/
+      url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.3/#category-deploying-red-hat-process-automation-manager-on-openshift
   icon:
     - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxMDAgMTAwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2Q3MWUwMH0uY2xzLTJ7ZmlsbDojYzIxYTAwfS5jbHMtM3tmaWxsOiNmZmZ9LmNscy00e2ZpbGw6I2VhZWFlYX0uY2xzLTV7ZmlsbDojYjdiN2I3fS5jbHMtNntmaWxsOiNjZGNkY2R9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkxvZ288L3RpdGxlPjxnIGlkPSJMYXllcl8xIiBkYXRhLW5hbWU9IkxheWVyIDEiPjxjaXJjbGUgY2xhc3M9ImNscy0xIiBjeD0iNTAiIGN5PSI1MCIgcj0iNTAiIHRyYW5zZm9ybT0icm90YXRlKC00NSA1MCA1MCkiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik04NS4zNiAxNC42NGE1MCA1MCAwIDAgMS03MC43MiA3MC43MnoiLz48cGF0aCBjbGFzcz0iY2xzLTMiIGQ9Ik02NS43NiAzNC4yOEwxNS42IDQzLjE1djEuMTNhLjM0LjM0IDAgMCAwIC4zLjM0YzEuNDcuMTcgNy45MyAyLjExIDggMjMuNDlhLjQ2LjQ2IDAgMCAwIC4zNS40NGwyLjU5LjU3cy0xLjIxLTI1LjU0IDguNzctMjcuMDYgMTEuMiAyNy4yNyAxMS4zMyAzMS4xYS41NC41NCAwIDAgMCAuNDMuNTFsMy41MS43OHMuMDYtMzQuNTQgMTQuOTItMzYuODJ2LTMuMzV6Ii8+PHBhdGggY2xhc3M9ImNscy00IiBkPSJNNjUuMzUgMjcuNTZMMTYuMTggMzguNDJhLjc1Ljc1IDAgMCAwLS41OS43M3Y0bDUwLjE3LTguODd2LTYuNzZhMS42OCAxLjY4IDAgMCAwLS40MS4wNHoiLz48cGF0aCBjbGFzcz0iY2xzLTUiIGQ9Ik0zNS42MSA0Mi4wNWMtNC42MS43LTYuODMgNi41NC03Ljg5IDEyLjYxbDEzLjY1LTEuMzNjMC0uMTcuMDktLjM0LjEzLS41MXMuMTQtLjUzLjIxLS44bC4yLS42OHEuMTItLjQuMjUtLjhsLjItLjYyYy4xMi0uMzYuMjUtLjcxLjM5LTEuMDZsLjEyLS4zMmMtMS42NC00LjE3LTMuOTgtNi45OS03LjI2LTYuNDl6TTgyLjIzIDMxLjE5bC0xNi0zLjYyYTEuOSAxLjkgMCAwIDAtLjQyIDB2Ni43NmwxNy4wNiAyLjgzdi01LjIzYS43Ni43NiAwIDAgMC0uNjQtLjc0ek01My40MyA1My42MmwxOC40MS0xLjEzYzIuMS02LjA1IDUuNTEtMTEuNzUgMTEtMTIuOGwtMTctMi4wOGMtNi42OCAxLjEyLTEwLjM2IDguMjktMTIuNDEgMTYuMDF6Ii8+PHBhdGggY2xhc3M9ImNscy02IiBkPSJNNDEuNzEgNTJsLjEzLS40NS0uMTMuNDZ6TTQxLjkxIDUxLjM0bC0uMDYuMjIuMDctLjIzek0yNy43MiA1NC42NmE2OC4yNiA2OC4yNiAwIDAgMC0uOTMgMTJ2Mi40MkwzOSA2Ni4xYTEuMDYgMS4wNiAwIDAgMCAuODEtMSA1OC43MiA1OC43MiAwIDAgMSAxLjY5LTEyLjI2YzAgLjE2LS4wOS4zMy0uMTMuNDl6TTY1Ljc4IDM0LjI4bC4wMSAzLjM0IDE3LjAzIDIuMDd2LTIuNThsLTE3LjA0LTIuODN6TTUwLjg3IDc0LjQ0TDY4IDY4LjY4YS45Mi45MiAwIDAgMCAuNjMtLjc5IDcyLjQ2IDcyLjQ2IDAgMCAxIDMuMTgtMTUuNGwtMTguMzggMS4xM2E5MC45MSA5MC45MSAwIDAgMC0yLjU2IDIwLjgyek01My40MyA1My42MnoiLz48L2c+PC9zdmc+
       mediatype: image/svg+xml
diff --git a/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml b/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml
index 70878c535..90ae24e35 100644
--- a/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml
+++ b/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml
@@ -39,7 +39,7 @@ spec:
     - name: Product Page
       url: https://access.redhat.com/products/red-hat-process-automation-manager
     - name: Documentation
-      url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.3/html-single/installing_and_configuring_red_hat_process_automation_manager_on_red_hat_jboss_eap_7.3/
+      url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.3/#category-deploying-red-hat-process-automation-manager-on-openshift
   icon:
     - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxMDAgMTAwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2Q3MWUwMH0uY2xzLTJ7ZmlsbDojYzIxYTAwfS5jbHMtM3tmaWxsOiNmZmZ9LmNscy00e2ZpbGw6I2VhZWFlYX0uY2xzLTV7ZmlsbDojYjdiN2I3fS5jbHMtNntmaWxsOiNjZGNkY2R9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkxvZ288L3RpdGxlPjxnIGlkPSJMYXllcl8xIiBkYXRhLW5hbWU9IkxheWVyIDEiPjxjaXJjbGUgY2xhc3M9ImNscy0xIiBjeD0iNTAiIGN5PSI1MCIgcj0iNTAiIHRyYW5zZm9ybT0icm90YXRlKC00NSA1MCA1MCkiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik04NS4zNiAxNC42NGE1MCA1MCAwIDAgMS03MC43MiA3MC43MnoiLz48cGF0aCBjbGFzcz0iY2xzLTMiIGQ9Ik02NS43NiAzNC4yOEwxNS42IDQzLjE1djEuMTNhLjM0LjM0IDAgMCAwIC4zLjM0YzEuNDcuMTcgNy45MyAyLjExIDggMjMuNDlhLjQ2LjQ2IDAgMCAwIC4zNS40NGwyLjU5LjU3cy0xLjIxLTI1LjU0IDguNzctMjcuMDYgMTEuMiAyNy4yNyAxMS4zMyAzMS4xYS41NC41NCAwIDAgMCAuNDMuNTFsMy41MS43OHMuMDYtMzQuNTQgMTQuOTItMzYuODJ2LTMuMzV6Ii8+PHBhdGggY2xhc3M9ImNscy00IiBkPSJNNjUuMzUgMjcuNTZMMTYuMTggMzguNDJhLjc1Ljc1IDAgMCAwLS41OS43M3Y0bDUwLjE3LTguODd2LTYuNzZhMS42OCAxLjY4IDAgMCAwLS40MS4wNHoiLz48cGF0aCBjbGFzcz0iY2xzLTUiIGQ9Ik0zNS42MSA0Mi4wNWMtNC42MS43LTYuODMgNi41NC03Ljg5IDEyLjYxbDEzLjY1LTEuMzNjMC0uMTcuMDktLjM0LjEzLS41MXMuMTQtLjUzLjIxLS44bC4yLS42OHEuMTItLjQuMjUtLjhsLjItLjYyYy4xMi0uMzYuMjUtLjcxLjM5LTEuMDZsLjEyLS4zMmMtMS42NC00LjE3LTMuOTgtNi45OS03LjI2LTYuNDl6TTgyLjIzIDMxLjE5bC0xNi0zLjYyYTEuOSAxLjkgMCAwIDAtLjQyIDB2Ni43NmwxNy4wNiAyLjgzdi01LjIzYS43Ni43NiAwIDAgMC0uNjQtLjc0ek01My40MyA1My42MmwxOC40MS0xLjEzYzIuMS02LjA1IDUuNTEtMTEuNzUgMTEtMTIuOGwtMTctMi4wOGMtNi42OCAxLjEyLTEwLjM2IDguMjktMTIuNDEgMTYuMDF6Ii8+PHBhdGggY2xhc3M9ImNscy02IiBkPSJNNDEuNzEgNTJsLjEzLS40NS0uMTMuNDZ6TTQxLjkxIDUxLjM0bC0uMDYuMjIuMDctLjIzek0yNy43MiA1NC42NmE2OC4yNiA2OC4yNiAwIDAgMC0uOTMgMTJ2Mi40MkwzOSA2Ni4xYTEuMDYgMS4wNiAwIDAgMCAuODEtMSA1OC43MiA1OC43MiAwIDAgMSAxLjY5LTEyLjI2YzAgLjE2LS4wOS4zMy0uMTMuNDl6TTY1Ljc4IDM0LjI4bC4wMSAzLjM0IDE3LjAzIDIuMDd2LTIuNThsLTE3LjA0LTIuODN6TTUwLjg3IDc0LjQ0TDY4IDY4LjY4YS45Mi45MiAwIDAgMCAuNjMtLjc5IDcyLjQ2IDcyLjQ2IDAgMCAxIDMuMTgtMTUuNGwtMTguMzggMS4xM2E5MC45MSA5MC45MSAwIDAgMC0yLjU2IDIwLjgyek01My40MyA1My42MnoiLz48L2c+PC9zdmc+
       mediatype: image/svg+xml
diff --git a/deploy/catalog_resources/redhat/catalog-source.yaml b/deploy/catalog_resources/redhat/catalog-source.yaml
index 56103bbd5..ed6e151b8 100644
--- a/deploy/catalog_resources/redhat/catalog-source.yaml
+++ b/deploy/catalog_resources/redhat/catalog-source.yaml
@@ -49,7 +49,7 @@ items:
               - name: Product Page
                 url: https://access.redhat.com/products/red-hat-process-automation-manager
               - name: Documentation
-                url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.3/html-single/installing_and_configuring_red_hat_process_automation_manager_on_red_hat_jboss_eap_7.3/
+                url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.3/#category-deploying-red-hat-process-automation-manager-on-openshift
             icon:
               - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxMDAgMTAwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2Q3MWUwMH0uY2xzLTJ7ZmlsbDojYzIxYTAwfS5jbHMtM3tmaWxsOiNmZmZ9LmNscy00e2ZpbGw6I2VhZWFlYX0uY2xzLTV7ZmlsbDojYjdiN2I3fS5jbHMtNntmaWxsOiNjZGNkY2R9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkxvZ288L3RpdGxlPjxnIGlkPSJMYXllcl8xIiBkYXRhLW5hbWU9IkxheWVyIDEiPjxjaXJjbGUgY2xhc3M9ImNscy0xIiBjeD0iNTAiIGN5PSI1MCIgcj0iNTAiIHRyYW5zZm9ybT0icm90YXRlKC00NSA1MCA1MCkiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik04NS4zNiAxNC42NGE1MCA1MCAwIDAgMS03MC43MiA3MC43MnoiLz48cGF0aCBjbGFzcz0iY2xzLTMiIGQ9Ik02NS43NiAzNC4yOEwxNS42IDQzLjE1djEuMTNhLjM0LjM0IDAgMCAwIC4zLjM0YzEuNDcuMTcgNy45MyAyLjExIDggMjMuNDlhLjQ2LjQ2IDAgMCAwIC4zNS40NGwyLjU5LjU3cy0xLjIxLTI1LjU0IDguNzctMjcuMDYgMTEuMiAyNy4yNyAxMS4zMyAzMS4xYS41NC41NCAwIDAgMCAuNDMuNTFsMy41MS43OHMuMDYtMzQuNTQgMTQuOTItMzYuODJ2LTMuMzV6Ii8+PHBhdGggY2xhc3M9ImNscy00IiBkPSJNNjUuMzUgMjcuNTZMMTYuMTggMzguNDJhLjc1Ljc1IDAgMCAwLS41OS43M3Y0bDUwLjE3LTguODd2LTYuNzZhMS42OCAxLjY4IDAgMCAwLS40MS4wNHoiLz48cGF0aCBjbGFzcz0iY2xzLTUiIGQ9Ik0zNS42MSA0Mi4wNWMtNC42MS43LTYuODMgNi41NC03Ljg5IDEyLjYxbDEzLjY1LTEuMzNjMC0uMTcuMDktLjM0LjEzLS41MXMuMTQtLjUzLjIxLS44bC4yLS42OHEuMTItLjQuMjUtLjhsLjItLjYyYy4xMi0uMzYuMjUtLjcxLjM5LTEuMDZsLjEyLS4zMmMtMS42NC00LjE3LTMuOTgtNi45OS03LjI2LTYuNDl6TTgyLjIzIDMxLjE5bC0xNi0zLjYyYTEuOSAxLjkgMCAwIDAtLjQyIDB2Ni43NmwxNy4wNiAyLjgzdi01LjIzYS43Ni43NiAwIDAgMC0uNjQtLjc0ek01My40MyA1My42MmwxOC40MS0xLjEzYzIuMS02LjA1IDUuNTEtMTEuNzUgMTEtMTIuOGwtMTctMi4wOGMtNi42OCAxLjEyLTEwLjM2IDguMjktMTIuNDEgMTYuMDF6Ii8+PHBhdGggY2xhc3M9ImNscy02IiBkPSJNNDEuNzEgNTJsLjEzLS40NS0uMTMuNDZ6TTQxLjkxIDUxLjM0bC0uMDYuMjIuMDctLjIzek0yNy43MiA1NC42NmE2OC4yNiA2OC4yNiAwIDAgMC0uOTMgMTJ2Mi40MkwzOSA2Ni4xYTEuMDYgMS4wNiAwIDAgMCAuODEtMSA1OC43MiA1OC43MiAwIDAgMSAxLjY5LTEyLjI2YzAgLjE2LS4wOS4zMy0uMTMuNDl6TTY1Ljc4IDM0LjI4bC4wMSAzLjM0IDE3LjAzIDIuMDd2LTIuNThsLTE3LjA0LTIuODN6TTUwLjg3IDc0LjQ0TDY4IDY4LjY4YS45Mi45MiAwIDAgMCAuNjMtLjc5IDcyLjQ2IDcyLjQ2IDAgMCAxIDMuMTgtMTUuNGwtMTguMzggMS4xM2E5MC45MSA5MC45MSAwIDAgMC0yLjU2IDIwLjgyek01My40MyA1My42MnoiLz48L2c+PC9zdmc+
                 mediatype: image/svg+xml

From 3e0b6ea1e98afc514634571d1a458bdcce31c82b Mon Sep 17 00:00:00 2001
From: tchughesiv <tchughesiv@gmail.com>
Date: Wed, 27 Mar 2019 14:42:25 -0500
Subject: [PATCH 3/5] permission improvements

Signed-off-by: tchughesiv <tchughesiv@gmail.com>
---
 config/common.yaml                            |  5 ---
 ...operator.v1.0.0.clusterserviceversion.yaml | 34 +------------------
 ...operator.v1.0.0.clusterserviceversion.yaml | 34 +------------------
 .../redhat/catalog-source.yaml                | 34 +------------------
 deploy/role.yaml                              | 34 +------------------
 5 files changed, 4 insertions(+), 137 deletions(-)

diff --git a/config/common.yaml b/config/common.yaml
index 56ef74d0d..cd8cd3399 100644
--- a/config/common.yaml
+++ b/config/common.yaml
@@ -724,11 +724,6 @@ others:
         rules:
           - apiGroups:
               - ""
-            resources:
-              - "*"
-            verbs:
-              - "*"
-          - apiGroups:
               - app.kiegroup.org
               - apps.openshift.io
               - image.openshift.io
diff --git a/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml b/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml
index c9305f265..1cf8582c3 100644
--- a/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml
+++ b/deploy/catalog_resources/community/kiecloud-operator.v1.0.0.clusterserviceversion.yaml
@@ -119,34 +119,9 @@ spec:
           rules:
             - apiGroups:
                 - ""
-              resources:
-                - "*"
-              verbs:
-                - "*"
-            - apiGroups:
-                - ""
-              resources:
-                - pods
-                - services
-                - endpoints
-                - persistentvolumeclaims
-                - events
-                - configmaps
-                - secrets
-                - serviceaccounts
-              verbs:
-                - "*"
-            - apiGroups:
                 - apps
-              resources:
-                - deployments
-                - daemonsets
-                - replicasets
-                - statefulsets
-              verbs:
-                - "*"
-            - apiGroups:
                 - app.kiegroup.org
+                - rbac.authorization.k8s.io
                 - apps.openshift.io
                 - image.openshift.io
                 - build.openshift.io
@@ -155,13 +130,6 @@ spec:
                 - "*"
               verbs:
                 - "*"
-            - apiGroups:
-                - rbac.authorization.k8s.io
-              resources:
-                - roles
-                - rolebindings
-              verbs:
-                - "*"
             - apiGroups:
                 - monitoring.coreos.com
               resources:
diff --git a/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml b/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml
index 90ae24e35..b64bbf0e2 100644
--- a/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml
+++ b/deploy/catalog_resources/redhat/businessautomation-operator.v1.0.0.clusterserviceversion.yaml
@@ -119,34 +119,9 @@ spec:
           rules:
             - apiGroups:
                 - ""
-              resources:
-                - "*"
-              verbs:
-                - "*"
-            - apiGroups:
-                - ""
-              resources:
-                - pods
-                - services
-                - endpoints
-                - persistentvolumeclaims
-                - events
-                - configmaps
-                - secrets
-                - serviceaccounts
-              verbs:
-                - "*"
-            - apiGroups:
                 - apps
-              resources:
-                - deployments
-                - daemonsets
-                - replicasets
-                - statefulsets
-              verbs:
-                - "*"
-            - apiGroups:
                 - app.kiegroup.org
+                - rbac.authorization.k8s.io
                 - apps.openshift.io
                 - image.openshift.io
                 - build.openshift.io
@@ -155,13 +130,6 @@ spec:
                 - "*"
               verbs:
                 - "*"
-            - apiGroups:
-                - rbac.authorization.k8s.io
-              resources:
-                - roles
-                - rolebindings
-              verbs:
-                - "*"
             - apiGroups:
                 - monitoring.coreos.com
               resources:
diff --git a/deploy/catalog_resources/redhat/catalog-source.yaml b/deploy/catalog_resources/redhat/catalog-source.yaml
index ed6e151b8..ebb830f5a 100644
--- a/deploy/catalog_resources/redhat/catalog-source.yaml
+++ b/deploy/catalog_resources/redhat/catalog-source.yaml
@@ -129,34 +129,9 @@ items:
                     rules:
                       - apiGroups:
                           - ""
-                        resources:
-                          - "*"
-                        verbs:
-                          - "*"
-                      - apiGroups:
-                          - ""
-                        resources:
-                          - pods
-                          - services
-                          - endpoints
-                          - persistentvolumeclaims
-                          - events
-                          - configmaps
-                          - secrets
-                          - serviceaccounts
-                        verbs:
-                          - "*"
-                      - apiGroups:
                           - apps
-                        resources:
-                          - deployments
-                          - daemonsets
-                          - replicasets
-                          - statefulsets
-                        verbs:
-                          - "*"
-                      - apiGroups:
                           - app.kiegroup.org
+                          - rbac.authorization.k8s.io
                           - apps.openshift.io
                           - image.openshift.io
                           - build.openshift.io
@@ -165,13 +140,6 @@ items:
                           - "*"
                         verbs:
                           - "*"
-                      - apiGroups:
-                          - rbac.authorization.k8s.io
-                        resources:
-                          - roles
-                          - rolebindings
-                        verbs:
-                          - "*"
                       - apiGroups:
                           - monitoring.coreos.com
                         resources:
diff --git a/deploy/role.yaml b/deploy/role.yaml
index 096a46cba..383d6249a 100644
--- a/deploy/role.yaml
+++ b/deploy/role.yaml
@@ -5,34 +5,9 @@ metadata:
 rules:
   - apiGroups:
       - ""
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - services
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-      - serviceaccounts
-    verbs:
-      - "*"
-  - apiGroups:
       - apps
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-    verbs:
-      - "*"
-  - apiGroups:
       - app.kiegroup.org
+      - rbac.authorization.k8s.io
       - apps.openshift.io
       - image.openshift.io
       - build.openshift.io
@@ -41,13 +16,6 @@ rules:
       - "*"
     verbs:
       - "*"
-  - apiGroups:
-      - rbac.authorization.k8s.io
-    resources:
-      - roles
-      - rolebindings
-    verbs:
-      - "*"
   - apiGroups:
       - monitoring.coreos.com
     resources:

From 7462a0516e8389d6962ea3ddd86823715bc0ce30 Mon Sep 17 00:00:00 2001
From: tchughesiv <tchughesiv@gmail.com>
Date: Thu, 28 Mar 2019 10:23:59 -0500
Subject: [PATCH 4/5] [KIECLOUD-165] fix h2 db persistence

Signed-off-by: tchughesiv <tchughesiv@gmail.com>
---
 config/dbs/h2.yaml | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/config/dbs/h2.yaml b/config/dbs/h2.yaml
index 8db665d1d..a46b4c597 100644
--- a/config/dbs/h2.yaml
+++ b/config/dbs/h2.yaml
@@ -13,10 +13,37 @@ servers:
             spec:
               containers:
                 - name: "[[.KieName]]"
+                  env:
+                    ## H2 driver settings BEGIN
+                    - name: DATASOURCES
+                      value: "RHPAM"
+                    - name: RHPAM_DATABASE
+                      value: "rhpam7"
+                    - name: RHPAM_JNDI
+                      value: "java:/jboss/datasources/rhpam"
+                    - name: RHPAM_JTA
+                      value: "true"
+                    - name: RHPAM_DRIVER
+                      value: "h2"
+                    - name: KIE_SERVER_PERSISTENCE_DIALECT
+                      value: "org.hibernate.dialect.H2Dialect"
+                    - name: RHPAM_USERNAME
+                      value: "rhpam"
+                    - name: RHPAM_PASSWORD
+                      value: "[[$.AdminPassword]]"
+                    - name: RHPAM_SERVICE_HOST
+                      value: "dummy_ignored"
+                    - name: RHPAM_SERVICE_PORT
+                      value: "12345"
+                    - name: KIE_SERVER_PERSISTENCE_DS
+                      value: "java:/jboss/datasources/rhpam"
+                    - name: RHPAM_XA_CONNECTION_PROPERTY_URL
+                      value: "jdbc:h2:/opt/eap/standalone/data/rhpam"
+                    ## H2 driver settings END
                   volumeMounts:
                     - name: "[[.KieName]]-h2-[[$.Constants.DatabaseVolumeSuffix]]"
                       mountPath: "/opt/eap/standalone/data"
-## [[ if ne .Database.Size "" ]]
+              ## [[ if ne .Database.Size "" ]]
               volumes:
                 ## H2 volume settings BEGIN
                 - name: "[[.KieName]]-h2-[[$.Constants.DatabaseVolumeSuffix]]"
@@ -37,8 +64,8 @@ servers:
           resources:
             requests:
               storage: "[[.Database.Size]]"
-      ## H2 persistent volume claim END
-## [[ else ]]
+              ## H2 persistent volume claim END
+              ## [[ else ]]
               volumes:
                 ## H2 volume settings BEGIN
                 - name: "[[.KieName]]-h2-[[$.Constants.DatabaseVolumeSuffix]]"

From f308ce8d29101824a90b75ed20d2b7d797a144d9 Mon Sep 17 00:00:00 2001
From: tchughesiv <tchughesiv@gmail.com>
Date: Tue, 26 Mar 2019 14:32:47 -0500
Subject: [PATCH 5/5] [KIECLOUD-168] rhpam authoring-ha fixes

Signed-off-by: tchughesiv <tchughesiv@gmail.com>
---
 config/envs/rhdm-authoring-ha.yaml            |   2 +-
 config/envs/rhpam-authoring-ha.yaml           | 375 ++++++++++++++++--
 .../kieapp/defaults/defaults_test.go          |   1 +
 3 files changed, 348 insertions(+), 30 deletions(-)

diff --git a/config/envs/rhdm-authoring-ha.yaml b/config/envs/rhdm-authoring-ha.yaml
index 6a3283216..100664bd0 100644
--- a/config/envs/rhdm-authoring-ha.yaml
+++ b/config/envs/rhdm-authoring-ha.yaml
@@ -290,7 +290,7 @@ others:
                 from:
                   kind: ImageStreamTag
                   namespace: "openshift"
-                  name: "amq-broker-72-scaledown-controller-openshift:0.4"
+                  name: "amq-broker-72-scaledown-controller-openshift:1.0"
               type: ImageChange
             - type: ConfigChange
 
diff --git a/config/envs/rhpam-authoring-ha.yaml b/config/envs/rhpam-authoring-ha.yaml
index bfc47a4ec..0aaefaee5 100644
--- a/config/envs/rhpam-authoring-ha.yaml
+++ b/config/envs/rhpam-authoring-ha.yaml
@@ -58,7 +58,119 @@ smartRouter:
 ## KIE smartrouter END
 # ES/AMQ BEGIN
 others:
-  - persistentVolumeClaims:
+  - roles:
+      - metadata:
+          name: "[[.ApplicationName]]-amq-role"
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+        rules:
+          - apiGroups:
+              - ""
+            resources:
+              - endpoints
+            verbs:
+              - create
+              - delete
+              - deletecollection
+              - get
+              - list
+              - patch
+              - update
+              - watch
+          - apiGroups:
+              - ""
+            resources:
+              - namespaces
+            verbs:
+              - get
+              - list
+
+      - metadata:
+          name: "[[.ApplicationName]]-amq-scaledown-controller-role"
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+        rules:
+          - apiGroups:
+              - apps
+            resources:
+              - statefulsets
+            verbs:
+              - get
+              - list
+              - watch
+          - apiGroups:
+              - ""
+            resources:
+              - pods
+            verbs:
+              - get
+              - list
+              - watch
+              - create
+              - delete
+              - patch
+              - update
+          - apiGroups:
+              - ""
+            resources:
+              - persistentvolumeclaims
+            verbs:
+              - get
+              - list
+              - watch
+              - delete
+          - apiGroups:
+              - ""
+            resources:
+              - events
+            verbs:
+              - get
+              - list
+              - watch
+
+    rolebindings:
+      - metadata:
+          name: "[[.ApplicationName]]-amq-scaledown-controller-openshift-rb"
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+        subjects:
+          - kind: ServiceAccount
+            name: "[[.ApplicationName]]-amq-scaledown-controller-sa"
+        roleRef:
+          kind: Role
+          name: "[[.ApplicationName]]-amq-scaledown-controller-role"
+          apiGroup: rbac.authorization.k8s.io
+
+      - metadata:
+          name: "[[.ApplicationName]]-amq-rb"
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+        subjects:
+          - kind: ServiceAccount
+            name: "[[.ApplicationName]]-amq-sa"
+        roleRef:
+          kind: Role
+          name: "[[.ApplicationName]]-amq-role"
+          apiGroup: rbac.authorization.k8s.io
+
+    serviceaccounts:
+      - metadata:
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+          name: "[[.ApplicationName]]-amq-sa"
+
+      - metadata:
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+          name: "[[.ApplicationName]]-amq-scaledown-controller-sa"
+
+    persistentVolumeClaims:
       - metadata:
           name: "[[.ApplicationName]]-[[.Constants.Product]]index-claim"
           labels:
@@ -138,17 +250,172 @@ others:
           labels:
             app: "[[.ApplicationName]]"
             application: "[[.ApplicationName]]"
-          name: "[[.ApplicationName]]-amq"
+            service: "[[.ApplicationName]]-amq-scaledown-controller"
+          name: "[[.ApplicationName]]-amq-scaledown-controller"
+          annotations:
+            deployment.kubernetes.io/revision: "1"
+            template.alpha.openshift.io/wait-for-ready: "true"
         spec:
           replicas: 1
           selector:
-            deploymentConfig: "[[.ApplicationName]]-amq"
+            deploymentConfig: "[[.ApplicationName]]-amq-scaledown-controller"
           strategy:
             rollingParams:
               maxSurge: 0
             type: Rolling
           template:
             metadata:
+              labels:
+                app: "[[.ApplicationName]]"
+                application: "[[.ApplicationName]]"
+                deploymentConfig: "[[.ApplicationName]]-amq-scaledown-controller"
+              name: "[[.ApplicationName]]-amq-scaledown-controller"
+            spec:
+              serviceAccountName: "[[.ApplicationName]]-amq-scaledown-controller-sa"
+              containers:
+                - args:
+                    - --localOnly
+                    - --v
+                    - "3"
+                  image: "amq-broker-72-scaledown-controller-openshift"
+                  imagePullPolicy: IfNotPresent
+                  name: "[[.ApplicationName]]-amq"
+              terminationGracePeriodSeconds: 30
+          triggers:
+            - imageChangeParams:
+                automatic: true
+                containerNames:
+                  - "[[.ApplicationName]]-amq"
+                from:
+                  kind: ImageStreamTag
+                  namespace: "openshift"
+                  name: "amq-broker-72-scaledown-controller-openshift:1.0"
+              type: ImageChange
+            - type: ConfigChange
+
+    statefulsets:
+      - metadata:
+          annotations:
+            alpha.image.policy.openshift.io/resolve-names: "*"
+            statefulsets.kubernetes.io/drainer-pod-template: |
+              {
+                "metadata": {
+                  "labels": {
+                    "app": "[[.ApplicationName]]",
+                    "application": "[[.ApplicationName]]"
+                  },
+                  "name": "[[.ApplicationName]]-amq-drainer-pod"
+                },
+                "spec": {
+                  "serviceAccount": "[[.ApplicationName]]-amq-sa",
+                  "serviceAccountName": "[[.ApplicationName]]-amq-sa",
+                  "terminationGracePeriodSeconds": 5,
+                  "containers": [
+                    {
+                      "env": [
+                        {
+                          "name": "AMQ_EXTRA_ARGS",
+                          "value": "--no-autotune"
+                        },
+                        {
+                          "name": "AMQ_USER",
+                          "value": "jmsBrokserUser"
+                        },
+                        {
+                          "name": "AMQ_PASSWORD",
+                          "value": "[[.AdminPassword]]"
+                        },
+                        {
+                          "name": "AMQ_ROLE",
+                          "value": "admin"
+                        },
+                        {
+                          "name": "AMQ_NAME",
+                          "value": "broker"
+                        },
+                        {
+                          "name": "AMQ_TRANSPORTS",
+                          "value": "openwire"
+                        },
+                        {
+                          "name": "AMQ_QUEUES",
+                          "value": ""
+                        },
+                        {
+                          "name": "AMQ_GLOBAL_MAX_SIZE",
+                          "value": "100 gb"
+                        },
+                        {
+                          "name": "AMQ_ALLOW_ANONYMOUS",
+                          "value": ""
+                        },
+                        {
+                          "name": "AMQ_DATA_DIR",
+                          "value": "/opt/amq/data"
+                        },
+                        {
+                          "name": "AMQ_DATA_DIR_LOGGING",
+                          "value": "true"
+                        },
+                        {
+                          "name": "AMQ_CLUSTERED",
+                          "value": "true"
+                        },
+                        {
+                          "name": "AMQ_REPLICAS",
+                          "value": "2"
+                        },
+                        {
+                          "name": "AMQ_CLUSTER_USER",
+                          "value": "jmsBrokserUser"
+                        },
+                        {
+                          "name": "AMQ_CLUSTER_PASSWORD",
+                          "value": "[[.AdminPassword]]"
+                        },
+                        {
+                          "name": "POD_NAMESPACE",
+                          "valueFrom": {
+                            "fieldRef": {
+                              "fieldPath": "metadata.namespace"
+                            }
+                          }
+                        },
+                        {
+                          "name": "OPENSHIFT_DNS_PING_SERVICE_PORT",
+                          "value": "8888"
+                        }
+                      ],
+                      "image": "amq-broker-72-openshift:1.1",
+                      "name": "[[.ApplicationName]]-amq",
+                      "command": ["/bin/sh", "-c", "echo \"Starting the drainer\" ; /opt/amq/bin/drain.sh; echo \"Drain completed! Exit code $?\""],
+                      "volumeMounts": [
+                        {
+                          "name": "[[.ApplicationName]]-amq-pvol",
+                          "mountPath": "/opt/amq/data"
+                        }
+                      ]
+                    }
+                  ]
+                }
+              }
+          creationTimestamp: null
+          generation: 3
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+          name: "[[.ApplicationName]]-amq"
+        spec:
+          podManagementPolicy: OrderedReady
+          replicas: 2
+          revisionHistoryLimit: 10
+          selector:
+            matchLabels:
+              app: "[[.ApplicationName]]"
+          serviceName: "[[.ApplicationName]]-amq-tcp"
+          template:
+            metadata:
+              creationTimestamp: null
               labels:
                 app: "[[.ApplicationName]]"
                 application: "[[.ApplicationName]]"
@@ -169,20 +436,32 @@ others:
                       value: "openwire"
                     - name: AMQ_GLOBAL_MAX_SIZE
                       value: "100 gb"
-                  image: "amq-broker-72-openshift"
-                  imagePullPolicy: Always
-                  readinessProbe:
-                    exec:
-                      command:
-                        - "/bin/bash"
-                        - "-c"
-                        - "/opt/amq/bin/readinessProbe.sh"
-                  lifecycle:
-                    preStop:
-                      exec:
-                        command:
-                          - /opt/amq/bin/shutdownHook.sh
-                  name: "[[.ApplicationName]]-amq"
+                    - name: AMQ_REQUIRE_LOGIN
+                    - name: AMQ_DATA_DIR
+                      value: /opt/amq/data
+                    - name: AMQ_DATA_DIR_LOGGING
+                      value: "true"
+                    - name: AMQ_CLUSTERED
+                      value: "true"
+                    - name: AMQ_REPLICAS
+                      value: "0"
+                    - name: AMQ_CLUSTER_USER
+                      value: "jmsBrokserUser"
+                    - name: AMQ_CLUSTER_PASSWORD
+                      value: "[[.AdminPassword]]"
+                    - name: OPENSHIFT_DNS_PING_SERVICE_NAME
+                      value: "[[.ApplicationName]]-amq-ping"
+                    - name: AMQ_EXTRA_ARGS
+                    - name: AMQ_ANYCAST_PREFIX
+                    - name: AMQ_MULTICAST_PREFIX
+                    - name: POD_NAMESPACE
+                      valueFrom:
+                        fieldRef:
+                          apiVersion: v1
+                          fieldPath: metadata.namespace
+                  image: "amq-broker-72-openshift:1.1"
+                  imagePullPolicy: IfNotPresent
+                  name: broker-amq
                   ports:
                     - containerPort: 8161
                       name: jolokia
@@ -199,21 +478,43 @@ others:
                     - containerPort: 61616
                       name: artemis
                       protocol: TCP
+                  readinessProbe:
+                    exec:
+                      command:
+                        - /bin/bash
+                        - -c
+                        - /opt/amq/bin/readinessProbe.sh
+                    failureThreshold: 3
+                    periodSeconds: 10
+                    successThreshold: 1
+                    timeoutSeconds: 1
+                  resources: {}
+                  terminationMessagePath: /dev/termination-log
+                  terminationMessagePolicy: File
+                  volumeMounts:
+                    - mountPath: /opt/amq/data
+                      name: "[[.ApplicationName]]-amq-pvol"
+              dnsPolicy: ClusterFirst
+              restartPolicy: Always
+              schedulerName: default-scheduler
+              securityContext: {}
               terminationGracePeriodSeconds: 60
-          triggers:
-            - imageChangeParams:
-                automatic: true
-                containerNames:
-                  - "[[.ApplicationName]]-amq"
-                from:
-                  kind: ImageStreamTag
-                  namespace: "openshift"
-                  name: "amq-broker-72-openshift:1.0"
-              type: ImageChange
-            - type: ConfigChange
+          updateStrategy:
+            type: OnDelete
+          volumeClaimTemplates:
+            - metadata:
+                creationTimestamp: null
+                name: "[[.ApplicationName]]-amq-pvol"
+              spec:
+                accessModes:
+                  - ReadWriteOnce
+                resources:
+                  requests:
+                    storage: 1Gi
 
     services:
       - spec:
+          clusterIP: None
           ports:
             - port: 61616
               targetPort: 61616
@@ -228,6 +529,23 @@ others:
           annotations:
             description: The broker's OpenWire port.
 
+      - spec:
+          clusterIP: None
+          ports:
+            - port: 8888
+              protocol: TCP
+              targetPort: 8888
+          selector:
+            deploymentConfig: "[[.ApplicationName]]-amq"
+        metadata:
+          name: "[[.ApplicationName]]-amq-ping"
+          annotations:
+            description: The JGroups ping port for clustering.
+            service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+          labels:
+            app: "[[.ApplicationName]]"
+            application: "[[.ApplicationName]]"
+
       - spec:
           ports:
             - name: rest
@@ -262,6 +580,5 @@ others:
             name: "[[.ApplicationName]]-[[.Constants.Product]]index"
           port:
             targetPort: rest
-
 ## ES/AMQ END
 
diff --git a/pkg/controller/kieapp/defaults/defaults_test.go b/pkg/controller/kieapp/defaults/defaults_test.go
index aa6be4724..0ed54faf4 100644
--- a/pkg/controller/kieapp/defaults/defaults_test.go
+++ b/pkg/controller/kieapp/defaults/defaults_test.go
@@ -230,6 +230,7 @@ func TestRhpamAuthoringHAEnvironment(t *testing.T) {
 	assert.Nil(t, err, "Error getting prod environment")
 
 	assert.Equal(t, "test-rhpamcentr", env.Console.DeploymentConfigs[0].ObjectMeta.Name)
+	assert.Equal(t, "test-amq", env.Others[0].StatefulSets[0].ObjectMeta.Name)
 	assert.Equal(t, fmt.Sprintf("rhpam%s-businesscentral-openshift", cr.Spec.CommonConfig.Version), env.Console.DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Image)
 	pingService := getService(env.Console.Services, "test-rhpamcentr-ping")
 	assert.Len(t, pingService.Spec.Ports, 1, "The ping service should have only one port")