From b6aa92920f4948640efff39e762ac5c066b5b282 Mon Sep 17 00:00:00 2001
From: Daniel Clarke <u8sand@gmail.com>
Date: Thu, 28 Apr 2022 01:50:58 -0400
Subject: [PATCH] Fixes #75 (#76)

* Apply #59 when rbac.clusterRole is false

* Fixes #75
---
 .../templates/role.yaml                       | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/deploy/helm-chart/kubernetes-secret-generator/templates/role.yaml b/deploy/helm-chart/kubernetes-secret-generator/templates/role.yaml
index 0c123c5d..3425696c 100644
--- a/deploy/helm-chart/kubernetes-secret-generator/templates/role.yaml
+++ b/deploy/helm-chart/kubernetes-secret-generator/templates/role.yaml
@@ -49,6 +49,22 @@ rules:
       - ""
     resources:
       - secrets
+    verbs:
+      - get
+      - create
+      - list
+      - watch
+      - update
+  # Permissions to access CRDs in this namespace if no cluster role is created.
+  - apiGroups:
+      - secretgenerator.mittwald.de
+    resources:
+      - basicauths
+      - basicauths/status
+      - sshkeypairs
+      - sshkeypairs/status
+      - stringsecrets
+      - stringsecrets/status
     verbs:
       - get
       - list
@@ -92,6 +108,22 @@ rules:
       - ""
     resources:
       - secrets
+    verbs:
+      - get
+      - create
+      - list
+      - watch
+      - update
+  # Permissions to access CRDs in this namespace if no cluster role is created.
+  - apiGroups:
+      - secretgenerator.mittwald.de
+    resources:
+      - basicauths
+      - basicauths/status
+      - sshkeypairs
+      - sshkeypairs/status
+      - stringsecrets
+      - stringsecrets/status
     verbs:
       - get
       - list