diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-11-07 10:27:39 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-07 10:27:39 -0800 |
commit | 2f9a48cec48fa064d30d6a88077c5ef75d2555ab (patch) | |
tree | c16b32a664288f029e1c2d6ddfad3dd31d31e0e0 /roles | |
parent | 1e8c678a7d17b7ab637a8c39f09f620280904a6d (diff) | |
parent | bf346be033565d36a84fd990a72d4fd9ad9be1a0 (diff) | |
download | openshift-2f9a48cec48fa064d30d6a88077c5ef75d2555ab.tar.gz openshift-2f9a48cec48fa064d30d6a88077c5ef75d2555ab.tar.bz2 openshift-2f9a48cec48fa064d30d6a88077c5ef75d2555ab.tar.xz openshift-2f9a48cec48fa064d30d6a88077c5ef75d2555ab.zip |
Merge pull request #6009 from dymurray/template
Automatic merge from submit-queue.
Update service broker configmap and serviceaccount privileges
Addresses Bugs https://bugzilla.redhat.com/show_bug.cgi?id=1503289 and https://bugzilla.redhat.com/show_bug.cgi?id=1507111
Diffstat (limited to 'roles')
-rw-r--r-- | roles/ansible_service_broker/tasks/install.yml | 14 | ||||
-rw-r--r-- | roles/ansible_service_broker/tasks/remove.yml | 6 |
2 files changed, 18 insertions, 2 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index 926ed344e..90a4418fb 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -69,6 +69,9 @@ - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] + - apiGroups: ["image.openshift.io", ""] + resources: ["images"] + verbs: ["get", "list"] - name: Create asb-access cluster role oc_clusterrole: @@ -404,8 +407,6 @@ - type: {{ ansible_service_broker_registry_type }} name: {{ ansible_service_broker_registry_name }} url: {{ ansible_service_broker_registry_url }} - user: {{ ansible_service_broker_registry_user }} - pass: {{ ansible_service_broker_registry_password }} org: {{ ansible_service_broker_registry_organization }} tag: {{ ansible_service_broker_registry_tag }} white_list: {{ ansible_service_broker_registry_whitelist }} @@ -442,6 +443,15 @@ - type: basic enabled: false +- oc_secret: + name: asb-registry-auth + namespace: openshift-ansible-service-broker + state: present + contents: + - path: username + data: "{{ ansible_service_broker_registry_user }}" + - path: password + data: "{{ ansible_service_broker_registry_password }}" - name: Create the Broker resource in the catalog oc_obj: diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml index 28dc967a0..a1ac740e0 100644 --- a/roles/ansible_service_broker/tasks/remove.yml +++ b/roles/ansible_service_broker/tasks/remove.yml @@ -46,6 +46,12 @@ resource_name: asb-access user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" +- name: remove asb-registry auth secret + oc_secret: + state: absent + name: asb-registry-auth + namespace: openshift-ansible-service-broker + - name: remove asb-client token secret oc_secret: state: absent |