From 9c7d9232a8c3c15e5c810738e9e3db91372f0687 Mon Sep 17 00:00:00 2001
From: facchettos <facchettos@gmail.com>
Date: Thu, 5 Sep 2024 16:12:35 +0200
Subject: [PATCH] added cluster store syncing

---
 chart/templates/clusterrole.yaml  |  5 +++++
 chart/tests/clusterrole_test.yaml | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml
index a740cb722..e54c4c8d9 100644
--- a/chart/templates/clusterrole.yaml
+++ b/chart/templates/clusterrole.yaml
@@ -122,6 +122,11 @@ rules:
     resources: ["customresourcedefinitions"]
     verbs: ["get", "list", "watch"]
   {{- end }}
+  {{- if and .Values.integrations.externalSecrets.enabled .Values.integrations.externalSecrets.sync.clusterStores.enabled }}
+  - apiGroups: ["external-secrets.io"]
+    resources: ["clustersecretstores"]
+    verbs: ["get", "list", "watch"]
+  {{- end }}
   {{- include "vcluster.customResourceDefinitions.clusterRoleExtraRules" . | indent 2 }}
   {{- include "vcluster.plugin.clusterRoleExtraRules" . | indent 2 }}
   {{- include "vcluster.generic.clusterRoleExtraRules" . | indent 2 }}
diff --git a/chart/tests/clusterrole_test.yaml b/chart/tests/clusterrole_test.yaml
index 38ce17565..087fcbc3d 100644
--- a/chart/tests/clusterrole_test.yaml
+++ b/chart/tests/clusterrole_test.yaml
@@ -395,3 +395,22 @@ tests:
             apiGroups: [ "apiextensions.k8s.io" ]
             resources: [ "customresourcedefinitions" ]
             verbs: [ "get", "list", "watch" ]
+  - it: eso clusterstore sync
+    set:
+      integrations:
+        externalSecrets:
+          sync:
+            clusterStores:
+              enabled: true
+    release:
+      name: my-release
+      namespace: my-namespace
+    asserts:
+      - hasDocuments:
+          count: 1
+      - contains:
+          path: rules
+          content:
+            apiGroups: [ "external-secrets.io" ]
+            resources: [ "clustersecretstores" ]
+            verbs: [ "get", "list", "watch" ]