From 15ffa4808276f231d25cabe37173dfc48495a4fe Mon Sep 17 00:00:00 2001
From: Praveen M <m.praveen@ibm.com>
Date: Wed, 8 Jan 2025 13:54:52 +0530
Subject: [PATCH] helm: add RBACS for replication.storage.openshift.io

VolumeGroupReplicationContent controller needs `get`, `list` and `watch`
access control for resource `VolumeGroupReplicationContents`. And `get`
access control for resource `VolumeGroupReplicationClasses`.

Signed-off-by: Praveen M <m.praveen@ibm.com>
---
 charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
index b2c01ae6250..61cf7f8518c 100644
--- a/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-clusterrole.yaml
@@ -29,6 +29,12 @@ rules:
   - apiGroups: [""]
     resources: ["endpoints"]
     verbs: ["get", "create", "update"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationcontents"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationclasses"]
+    verbs: ["get", "list", "watch"]
 {{- if .Values.provisioner.attacher.enabled }}
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]