ManageIQ Service Account: added role for ManageIQ service account

Signed-off-by: enoodle <efreiber@redhat.com>

1 files changed, 24 insertions, 0 deletions

diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
new file mode 100644
index 000000000..77e1c304b
--- /dev/null
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -0,0 +1,24 @@
+manageiq_cluster_role:
+    apiVersion: v1
+    kind: ClusterRole
+    metadata:
+      name: management-infra-admin
+    rules:
+    - resources:
+      - pods/proxy
+      verbs:
+      - '*'
+
+manageiq_service_account:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: management-admin
+
+manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
+
+manage_iq_tasks:
+    - policy add-role-to-user -n management-infra admin -z management-admin
+    - policy add-role-to-user -n management-infra management-infra-admin -z management-admin
+    - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin
+    - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin