summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-11-15 14:54:05 -0500
committerScott Dodson <sdodson@redhat.com>2016-11-15 16:10:38 -0500
commit6bcfbe1a8da9bd448135dfa951f04a1208794957 (patch)
tree30954e2901660bd402adade6f68107128b9cbf23 /roles
parentae607c8fb826ace56431b95a31f6b2796a11834c (diff)
downloadopenshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.tar.gz
openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.tar.bz2
openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.tar.xz
openshift-6bcfbe1a8da9bd448135dfa951f04a1208794957.zip
Add view permissions to hawkular sa
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_metrics/tasks/install.yml18
1 files changed, 18 insertions, 0 deletions
diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml
index 9601a5100..98e21375a 100644
--- a/roles/openshift_metrics/tasks/install.yml
+++ b/roles/openshift_metrics/tasks/install.yml
@@ -37,6 +37,24 @@
system:serviceaccount:openshift-infra:metrics-deployer
when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
+- name: Test hawkular view permissions
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}'
+ register: view_rolebindings
+ changed_when: false
+
+- name: Add view permissions to hawkular SA
+ command: >
+ {{ openshift.common.client_binary }} adm
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ policy add-role-to-user view
+ system:serviceaccount:openshift-infra:hawkular
+ when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings"
+
- name: Test cluster-reader permissions
command: >
{{ openshift.common.client_binary }}