authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2017-11-07 10:27:39 -0800
committerGitHub <noreply@github.com>2017-11-07 10:27:39 -0800
commit2f9a48cec48fa064d30d6a88077c5ef75d2555ab (patch)
treec16b32a664288f029e1c2d6ddfad3dd31d31e0e0 /roles
parent1e8c678a7d17b7ab637a8c39f09f620280904a6d (diff)
parentbf346be033565d36a84fd990a72d4fd9ad9be1a0 (diff)
Merge pull request #6009 from dymurray/template
Automatic merge from submit-queue. Update service broker configmap and serviceaccount privileges. Addresses bugs https://bugzilla.redhat.com/show_bug.cgi?id=1503289 and https://bugzilla.redhat.com/show_bug.cgi?id=1507111
Diffstat (limited to 'roles')
-rw-r--r--roles/ansible_service_broker/tasks/install.yml14
-rw-r--r--roles/ansible_service_broker/tasks/remove.yml6
2 files changed, 18 insertions, 2 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 926ed344e..90a4418fb 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -69,6 +69,9 @@
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
+ - apiGroups: ["image.openshift.io", ""]
+ resources: ["images"]
+ verbs: ["get", "list"]
- name: Create asb-access cluster role
oc_clusterrole:
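Review bot: The added rule grants `get` and `list` on `images` across the whole cluster, and nothing next to it says why the broker's service account needs that. A one-line comment above the rule would record it for later least-privilege reviews, for example `# images get/list: read image metadata for the registry adapter (confirm against bug 1503289/1507111); "" covers the legacy ungrouped API`. The rule list starts above the hunk, so which cluster role receives the grant is not visible here.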
@@ -404,8 +407,6 @@
- type: {{ ansible_service_broker_registry_type }}
name: {{ ansible_service_broker_registry_name }}
url: {{ ansible_service_broker_registry_url }}
- user: {{ ansible_service_broker_registry_user }}
- pass: {{ ansible_service_broker_registry_password }}
org: {{ ansible_service_broker_registry_organization }}
tag: {{ ansible_service_broker_registry_tag }}
white_list: {{ ansible_service_broker_registry_whitelist }}
@@ -442,6 +443,15 @@
- type: basic
enabled: false
+- oc_secret:
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+ state: present
+ contents:
+ - path: username
+ data: "{{ ansible_service_broker_registry_user }}"
+ - path: password
+ data: "{{ ansible_service_broker_registry_password }}"
- name: Create the Broker resource in the catalog
oc_obj:
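Review bot: The new `oc_secret` task that writes the registry username and password has no `no_log: true`, so whether the rendered credentials can appear in verbose or failed-task output depends on how the module declares `contents`, which is not visible here. Adding `no_log: true` to the task keeps them out of logs regardless. It is also the only task in this hunk without a `name:`; something like `- name: Create asb-registry-auth secret` would match the task that follows it and the removal task in remove.yml. The hunk does not show the broker config being pointed at the new secret, nor what happens when both variables are empty, so both are worth checking outside this view.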
diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml
index 28dc967a0..a1ac740e0 100644
--- a/roles/ansible_service_broker/tasks/remove.yml
+++ b/roles/ansible_service_broker/tasks/remove.yml
@@ -46,6 +46,12 @@
resource_name: asb-access
user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
+- name: remove asb-registry auth secret
+ oc_secret:
+ state: absent
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+
- name: remove asb-client token secret
oc_secret:
state: absent