From cfba940f3b19b54ba2fef29c504d3b03d0fcf8c8 Mon Sep 17 00:00:00 2001
From: Gerrit <tirreg91@googlemail.com>
Date: Thu, 14 Nov 2024 16:31:48 +0100
Subject: [PATCH] Add RBAC permissions for reading secrets.

---
 config/rbac/role.yaml                               | 8 ++++++++
 internal/controller/metalstackmachine_controller.go | 1 +
 2 files changed, 9 insertions(+)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 5e6adf2..b8514d4 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -4,6 +4,14 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - cluster.x-k8s.io
   resources:
diff --git a/internal/controller/metalstackmachine_controller.go b/internal/controller/metalstackmachine_controller.go
index 0454187..60cc1f9 100644
--- a/internal/controller/metalstackmachine_controller.go
+++ b/internal/controller/metalstackmachine_controller.go
@@ -72,6 +72,7 @@ type machineReconciler struct {
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=metalstackmachines,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=metalstackmachines/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=metalstackmachines/finalizers,verbs=update
+// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.