From 76e771d76f7c1d9699f8ab4570aad7709705cb68 Mon Sep 17 00:00:00 2001
From: Jirka Kremser
Date: Fri, 24 May 2024 17:36:45 +0200
Subject: [PATCH 1/2] Create rolebinding for .Release.Namespace implicitly
Signed-off-by: Jirka Kremser
---
 keda/templates/manager/clusterrolebindings.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/keda/templates/manager/clusterrolebindings.yaml b/keda/templates/manager/clusterrolebindings.yaml
index fa83bcec..a9cc0d7e 100644
--- a/keda/templates/manager/clusterrolebindings.yaml
+++ b/keda/templates/manager/clusterrolebindings.yaml
@@ -20,7 +20,8 @@ subjects:
 name: {{ (.Values.serviceAccount.operator).name | default .Values.serviceAccount.name }}
 namespace: {{ .Release.Namespace }}
 {{- else }}
- {{- range ( split "," .Values.watchNamespace ) }}
+ {{- $namespaces := append (splitList "," .Values.watchNamespace) .Release.Namespace -}}
+ {{- range $namespaces }}
 ---
 # Role binding for namespace '{{ . }}'
 apiVersion: rbac.authorization.k8s.io/v1
From 6228592f9bf9d4098aa82ca95278ea0c0024454f Mon Sep 17 00:00:00 2001
From: Jirka Kremser
Date: Wed, 19 Jun 2024 11:06:08 +0200
Subject: [PATCH 2/2] Operator should be able to list and watch secrets in the release ns (certs)
Signed-off-by: Jirka Kremser
---
 keda/templates/manager/minimal-rbac.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/keda/templates/manager/minimal-rbac.yaml b/keda/templates/manager/minimal-rbac.yaml
index bc762161..1b5a0ca4 100644
--- a/keda/templates/manager/minimal-rbac.yaml
+++ b/keda/templates/manager/minimal-rbac.yaml
@@ -34,6 +34,10 @@ rules:
 verbs:
 - create
 - update
+{{- if .Values.permissions.operator.restrict.secret }}
+ - list
+ - watch
+{{- end }}
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
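Review bot: The appended `.Release.Namespace` is not de-duplicated in the clusterrolebindings.yaml hunk, so when `watchNamespace` already lists the release namespace the `range $namespaces` loop renders the same binding twice, which will probably make the install fail on a duplicate resource (the binding's name is outside the hunk, so this is inferred). Piping the list through Sprig's `uniq` avoids it: `{{- $namespaces := append (splitList "," .Values.watchNamespace) .Release.Namespace | uniq -}}`. The release namespace now also receives whatever role this binding references, even when the operator was not asked to watch it. A short comment above the `range` stating why that grant is needed would let anyone auditing the operator's RBAC see that it is intentional. The `range` body continues past the end of the hunk.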
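Review bot: `list` and `watch` on Secrets return the full objects, so the two verbs added in the minimal-rbac.yaml hunk give the operator read access to every Secret in the namespace this rule applies to, and they are added exactly when `permissions.operator.restrict.secret` is set, the option a user enables to narrow secret access. That the rule covers `secrets` is taken from the commit subject; its `resources` list sits above the hunk. I would document the widening where it happens, e.g. `# list/watch expose all Secret data in the release namespace; required for the operator's certificate secrets`, and repeat it in the value's description so chart users do not assume the flag removes all secret reads. If only specific certificate Secrets are needed, it is worth checking whether the grant can be narrowed with `resourceNames`.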