author | Ryan Hallisey <rhallise@redhat.com> | 2017-07-11 13:36:02 -0400 |
---|---|---|
committer | Ryan Hallisey <rhallise@redhat.com> | 2017-07-13 18:17:36 -0400 |
commit | 09aadeef84c1277fbbd4b114eb3270261456f5e3 (patch) | |
tree | 9c4f0e7b14f59a161bd4abeaebf245265477e8c9 | |
parent | ac94a653f1f971aa84916224a831457dad86b0f6 (diff) | |
Add an SA policy to the ansible-service-broker
We are not adding a role to the service account after creation.
The ansible-service-broker will require cluster-admin permissions
because we do things like: creating service accounts, projects,
and pods.
-rw-r--r-- | roles/ansible_service_broker/tasks/install.yml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 65dffc89b..58b3eb859 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -42,6 +42,14 @@
 namespace: openshift-ansible-service-broker
 state: present
 
+- name: Set SA cluster-role
+ oc_adm_policy_user:
+ state: present
+ namespace: "openshift-ansible-service-broker"
+ resource_kind: cluster-role
+ resource_name: cluster-admin
+ user: "system:serviceaccount:openshift-ansible-service-broker:asb"
+
 - name: create ansible-service-broker service
 oc_service:
 name: asb |
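Review bot: The new `Set SA cluster-role` task binds `cluster-admin` to `system:serviceaccount:openshift-ansible-service-broker:asb`, so whoever holds that service account's token, for instance through a compromised broker pod, has full control of the cluster. The commit message lists the actual needs as creating service accounts, projects and pods; a dedicated cluster role restricted to those resources and verbs would cover what is stated there with far less exposure. If `cluster-admin` has to stay for now, a comment above the task such as `# TODO: replace cluster-admin with a scoped role; the broker needs to create projects, service accounts and pods` would make the grant visibly provisional. The task before this one and the following `create ansible-service-broker service` task both extend outside the hunk, so whether the `asb` service account is created before this binding cannot be confirmed from here.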