From de9f65fcdf80dc47babcbc11e85a4d258fca958b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= <lucas.kaldstrom@upbound.io>
Date: Wed, 14 Aug 2024 16:56:59 +0300
Subject: [PATCH] Add secrets.crossplane.io grant rules to RBAC manager roles
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucas Käldström <lucas.kaldstrom@upbound.io>
(cherry picked from commit 81074a1e1d21eeedacdc3593c0b2ecf3d67c4dc6)
---
 .../templates/rbac-manager-managed-clusterroles.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml
index 2ddd200c7..c8ad21be5 100644
--- a/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml
+++ b/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml
@@ -103,6 +103,10 @@ rules:
   - pkg.crossplane.io
   resources: ["*"]
   verbs: ["*"]
+- apiGroups:
+  - secrets.crossplane.io
+  resources: ["*"]
+  verbs: ["*"]
 # Crossplane administrators have access to view CRDs in order to debug XRDs.
 - apiGroups: [apiextensions.k8s.io]
   resources: [customresourcedefinitions]
@@ -139,6 +143,10 @@ rules:
   - pkg.crossplane.io
   resources: ["*"]
   verbs: ["*"]
+- apiGroups:
+  - secrets.crossplane.io
+  resources: ["*"]
+  verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -166,6 +174,10 @@ rules:
   - pkg.crossplane.io
   resources: ["*"]
   verbs: [get, list, watch]
+- apiGroups:
+  - secrets.crossplane.io
+  resources: ["*"]
+  verbs: [get, list, watch]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole