author | Scott Dodson <sdodson@redhat.com> | 2017-07-14 15:27:07 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-14 15:27:07 -0400 |
commit | 2476720c314f8e20cf53e4c622bcd50e432f8d01 (patch) | |
tree | 6c9dd45632696a85a6cfac9db2f00e7a166f8d1d /roles | |
parent | bc97ca2b93d7fb8487a409fafd99397aa21e0e64 (diff) | |
parent | 61be9961c467758264519058369bd2a589c10e94 (diff) | |
Merge pull request #4765 from ewolinetz/service_catalog_console_roles
Adding in permissions to edit and admin cluster roles
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_service_catalog/tasks/install.yml | 34 | ||||
-rw-r--r-- | roles/openshift_service_catalog/templates/sc_role_patching.j2 | 26 |
2 files changed, 60 insertions, 0 deletions
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index 1f9ecc2b8..de7511f71 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -66,6 +66,40 @@ template_name: kube-system-service-catalog namespace: kube-system +- oc_obj: + name: edit + kind: clusterrole + state: list + register: edit_yaml + +- name: Generate apply template for clusterrole/edit + template: + src: sc_role_patching.j2 + dest: "{{ mktemp.stdout }}/edit_sc_patch.yml" + vars: + original_content: "{{ edit_yaml.results.results[0] | to_yaml }}" + +- name: update edit role for service catalog and pod preset access + command: > + oc apply -f {{ mktemp.stdout }}/edit_sc_patch.yml + +- oc_obj: + name: admin + kind: clusterrole + state: list + register: admin_yaml + +- name: Generate apply template for clusterrole/admin + template: + src: sc_role_patching.j2 + dest: "{{ mktemp.stdout }}/admin_sc_patch.yml" + vars: + original_content: "{{ admin_yaml.results.results[0] | to_yaml }}" + +- name: update admin role for service catalog and pod preset access + command: > + oc apply -f {{ mktemp.stdout }}/admin_sc_patch.yml + - shell: > oc get policybindings/kube-system:default -n kube-system || echo "not found" register: get_kube_system diff --git a/roles/openshift_service_catalog/templates/sc_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_role_patching.j2 new file mode 100644 index 000000000..69b062b3f --- /dev/null +++ b/roles/openshift_service_catalog/templates/sc_role_patching.j2 @@ -0,0 +1,26 @@ +{{ original_content }} +- apiGroups: + - "servicecatalog.k8s.io" + attributeRestrictions: null + resources: + - instances + - bindings + verbs: + - create + - update + - delete + - get + - list + - watch +- apiGroups: + - "settings.k8s.io" + attributeRestrictions: null + resources: + - podpresets + verbs: + - create + - update + - delete + - get + - list + - watch |
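Review bot: The template and `oc apply` tasks for `edit` and `admin` run on every play with no guard, so a second run appears to append the same service catalog and podpreset rules to a role that already has them, and the command tasks always report changed. A guard on both the template and the command task would keep this idempotent, for example `when: "'servicecatalog.k8s.io' not in (edit_yaml.results.results[0] | to_yaml)"`, with the same for `admin_yaml`. The listed object is also re-applied whole, including whatever server-populated metadata `oc_obj` returned, which may conflict if the role changes between the list and the apply. The two `oc_obj` tasks have no `name:`, unlike the tasks they feed; the task list continues outside the hunk.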
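Review bot: The appended rules give `create`, `update` and `delete` on `podpresets` and on service catalog `instances`/`bindings` to the built-in `edit` and `admin` cluster roles, so every subject already bound to those roles in any project gains them, and nothing in the template documents that widening. PodPresets alter pods at admission, so write access for `edit` deserves a deliberate decision; consider read-only verbs for `edit`, or a role variable gating the podpreset rule. The rules are also appended as column-0 list items after `{{ original_content }}`, which only lands them under `rules` if that is the last key `to_yaml` emits; a header comment such as `{# appended to the role's rules list; assumes rules is the final key of original_content #}` would record the assumption.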