diff options
author | Scott Dodson <sdodson@redhat.com> | 2016-11-15 14:54:05 -0500 |
---|---|---|
committer | Scott Dodson <sdodson@redhat.com> | 2016-11-15 16:10:38 -0500 |
commit | 6bcfbe1a8da9bd448135dfa951f04a1208794957 (patch) | |
tree | 30954e2901660bd402adade6f68107128b9cbf23 | |
parent | ae607c8fb826ace56431b95a31f6b2796a11834c (diff) | |
download | openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.tar.gz openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.tar.bz2 openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.tar.xz openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.zip |
Add view permissions to hawkular sa
-rw-r--r-- | roles/openshift_metrics/tasks/install.yml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml index 9601a5100..98e21375a 100644 --- a/roles/openshift_metrics/tasks/install.yml +++ b/roles/openshift_metrics/tasks/install.yml @@ -37,6 +37,24 @@ system:serviceaccount:openshift-infra:metrics-deployer when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" +- name: Test hawkular view permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}' + register: view_rolebindings + changed_when: false + +- name: Add view permissions to hawkular SA + command: > + {{ openshift.common.client_binary }} adm + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user view + system:serviceaccount:openshift-infra:hawkular + when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings" + - name: Test cluster-reader permissions command: > {{ openshift.common.client_binary }} |