Modify the rbac_role to make secrets accessible

In the process of secondary development, we found
that we often need to access secrets from pod.
However, it seems that helm-tookit does not support
adding resource of secrets to role. This commit
try to fix that.

Change-Id: If384d6ccb7672a8da5a5e1403733fa655dfe40dd

helm-toolkit/Chart.yaml

@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
-version: 0.2.19
+version: 0.2.20
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
 sources:

helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl

@@ -62,5 +62,8 @@ rules:
       - services
       - endpoints
       {{- end -}}
+      {{ if eq $v "secrets" }}
+      - secrets
+      {{- end -}}
       {{- end -}}
 {{- end -}}

helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl

@@ -57,6 +57,8 @@ metadata:
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
 {{- else if and (eq $k "pod") $v }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }}
+{{- else if and (eq $k "secret") $v }}
+{{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "secrets," ((index $allNamespace $saNamespace) | default "")) }}
 {{- end -}}
 {{- end -}}
 {{- $_ := unset $allNamespace $randomKey }}

releasenotes/notes/helm-toolkit.yaml

@@ -26,4 +26,5 @@ helm-toolkit:
   - 0.2.17 Update db backup/restore retry for sending to remote
   - 0.2.18 Make Rabbit-init job more robust
   - 0.2.19 Revoke all privileges for PUBLIC role in postgres dbs
+  - 0.2.20 Modify the template of rbac_role to make secrets accessible
 ...