From 6f8c3816f4475a028523ffd6171e3323e2913c04 Mon Sep 17 00:00:00 2001
From: stefanprodan <stefan.prodan@gmail.com>
Date: Fri, 18 Sep 2020 15:48:50 +0300
Subject: [PATCH] Add secrets read-only access to RBAC

---
 config/rbac/role.yaml            | 8 ++++++++
 controllers/bucket_controller.go | 1 +
 2 files changed, 9 insertions(+)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index a6020f2b..c1cf16ab 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -13,6 +13,14 @@ rules:
   verbs:
   - create
   - patch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - source.toolkit.fluxcd.io
   resources:
diff --git a/controllers/bucket_controller.go b/controllers/bucket_controller.go
index 51b4d81d..15798a58 100644
--- a/controllers/bucket_controller.go
+++ b/controllers/bucket_controller.go
@@ -56,6 +56,7 @@ type BucketReconciler struct {
 
 // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=buckets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=buckets/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 
 func (r *BucketReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	ctx := context.Background()