csi: update RBACs needed for csi-omap-generator sidecar

ceph/ceph-csi/pull/4750 added a new controller that watches for the
VolumeGroupReplicationContent CR and regenerates the OMAP data.
This change needs RBACs for VolumeGroupReplicationContent and
VolumeGroupReplicationClass CR.

This commit updates the same for the `rbd-ctrlplugin-cr`
ClusterRole.

Signed-off-by: Praveen M <[email protected]>

config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml

@@ -63,3 +63,10 @@ rules:
   - apiGroups: ["groupsnapshot.storage.k8s.io"]
     resources: ["volumegroupsnapshotcontents/status"]
     verbs: ["update", "patch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationcontents"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["replication.storage.openshift.io"]
+    resources: ["volumegroupreplicationclasses"]
+    verbs: ["get", "list", "watch"]
+

deploy/all-in-one/install.yaml

@@ -15218,6 +15218,22 @@ rules:
   verbs:
   - update
   - patch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

deploy/multifile/csi-rbac.yaml

@@ -690,6 +690,22 @@ rules:
   verbs:
   - update
   - patch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole