From b3f5506b1b4811e4a32a6c83317b0729025dd7f0 Mon Sep 17 00:00:00 2001
From: Samuel Chou
Date: Tue, 20 Dec 2022 09:58:56 -0800
Subject: [PATCH 1/2] Allow service account annotations in helm chart
---
 .../secrets-store-csi-driver-provider-aws/templates/rbac.yaml | 4 ++++
 charts/secrets-store-csi-driver-provider-aws/values.yaml | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml b/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml
index c6ccc82..477b7c4 100644
--- a/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml
+++ b/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml
@@ -41,4 +41,8 @@ metadata:
 namespace: {{ .Release.Namespace }}
 labels:
 {{ include "provider.labels" . | indent 4 }}
+ {{- with .Values.rbac.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 {{- end }}
diff --git a/charts/secrets-store-csi-driver-provider-aws/values.yaml b/charts/secrets-store-csi-driver-provider-aws/values.yaml
index 30e7e30..a95d962 100644
--- a/charts/secrets-store-csi-driver-provider-aws/values.yaml
+++ b/charts/secrets-store-csi-driver-provider-aws/values.yaml
@@ -29,6 +29,8 @@ updateStrategy:
 rbac:
 install: true
+ serviceAccount:
+ annotations: {}
 securityContext:
 privileged: false
From 4be3d642994315f06693e136722718fbe796b78e Mon Sep 17 00:00:00 2001
From: Samuel Chou
Date: Tue, 20 Dec 2022 12:05:02 -0800
Subject: [PATCH 2/2] Add secrets permissions to clusterrole
---
 .../templates/rbac.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml b/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml
index 477b7c4..3a111ab 100644
--- a/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml
+++ b/charts/secrets-store-csi-driver-provider-aws/templates/rbac.yaml
@@ -33,6 +33,14 @@ rules:
 - apiGroups: [""]
 resources: ["nodes"]
 verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - create
 ---
 apiVersion: v1
 kind: ServiceAccount
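Review bot: The added rule grants `get`, `list`, `watch`, `patch` and `create` on `secrets` in the core API group with no `resourceNames` and, being in a ClusterRole, no namespace limit, so whatever subject is bound to this role (presumably the ServiceAccount defined just below) can read and write every Secret in the cluster; the commit message does not say which code path needs this. `list` and `watch` return full Secret contents, so a compromise of a single pod running under that account would expose all of them, and `create`/`patch` would let it alter them. If the access is genuinely required, it would be safer to render the rule only behind a chart value that defaults to off, keep just the verbs that are actually used, and prefer a namespaced Role where the target namespace is known; otherwise the rule should be dropped. As a style point, the new `verbs:` block list differs from the flow form used by the neighbouring rule (`verbs: ["get"]`). The ClusterRole's `rules:` list starts above the hunk, so other grants are not visible here.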