From 451cda14885f078b74b3c768d01ab830c0d8c188 Mon Sep 17 00:00:00 2001
From: Ondrej Vasko <ondrej.vaskoo@gmail.com>
Date: Tue, 7 Nov 2023 13:21:22 +0100
Subject: [PATCH] Add missing RBAC and error handler for secret update

Signed-off-by: Ondrej Vasko <ondrej.vaskoo@gmail.com>
---
 chart/templates/rbac.yaml | 2 ++
 main.go                   | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml
index 9bb928d..f2d1ad2 100644
--- a/chart/templates/rbac.yaml
+++ b/chart/templates/rbac.yaml
@@ -25,11 +25,13 @@ rules:
       - get
       - create
       - watch
+      - update
   - apiGroups: [""]
     resources:
       - namespaces
     verbs:
       - watch
+      - list
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/main.go b/main.go
index 1ab4c60..04e7c8d 100644
--- a/main.go
+++ b/main.go
@@ -58,7 +58,14 @@ func watchSourceSecret(client *kubernetes.Clientset, watchApi watchapi.Interface
 						logger.Info("Skip updating secret in source namespace")
 						continue
 					}
-					helpers.UpdateExistingSecret(client, logger, event.Object.(*v1.Secret), sourceSecretName, ns.Name)
+					err = helpers.UpdateExistingSecret(client, logger, event.Object.(*v1.Secret), sourceSecretName, ns.Name)
+					if err != nil {
+						logger.Error("failed to update secret",
+							zap.String("name", sourceSecretName),
+							zap.String("namespace", ns.Name),
+							zap.Error(err),
+						)
+					}
 				}
 			}
 		}