From c45cbd3d18ff35dc814aaf617b09ea45bc88fb58 Mon Sep 17 00:00:00 2001 From: Dylan Murray Date: Fri, 3 Nov 2017 15:30:05 -0400 Subject: Update service broker configmap and serviceaccount privileges --- roles/ansible_service_broker/tasks/install.yml | 14 ++++++++++++-- roles/ansible_service_broker/tasks/remove.yml | 6 ++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index 89a84c4df..66de5289c 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -68,6 +68,9 @@ - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] + - apiGroups: ["image.openshift.io", ""] + resources: ["images"] + verbs: ["get", "list"] - name: Create asb-access cluster role oc_clusterrole: @@ -307,8 +310,6 @@ - type: {{ ansible_service_broker_registry_type }} name: {{ ansible_service_broker_registry_name }} url: {{ ansible_service_broker_registry_url }} - user: {{ ansible_service_broker_registry_user }} - pass: {{ ansible_service_broker_registry_password }} org: {{ ansible_service_broker_registry_organization }} tag: {{ ansible_service_broker_registry_tag }} white_list: {{ ansible_service_broker_registry_whitelist }} @@ -340,6 +341,15 @@ - type: basic enabled: false +- oc_secret: + name: asb-registry-auth + namespace: openshift-ansible-service-broker + state: present + contents: + - path: username + data: {{ ansible_service_broker_registry_user }} + - path: password + data: {{ ansible_service_broker_registry_password }} - name: Create the Broker resource in the catalog oc_obj: diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml index 51b86fb26..c23a199df 100644 --- a/roles/ansible_service_broker/tasks/remove.yml +++ b/roles/ansible_service_broker/tasks/remove.yml 
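Review bot: The rule added in the first install.yml hunk (`apiGroups: ["image.openshift.io", ""]`, `resources: ["images"]`, `verbs: ["get", "list"]`) widens a cluster role with no comment explaining why the broker needs it. `images` is a cluster-scoped resource, so this grants read access to image metadata across all projects and deserves a stated reason for least-privilege review. I would add a comment above the rule along the lines of `# read-only image lookup for <purpose>; "" covers the legacy un-grouped API`, with the purpose filled in by the author. The cluster role task that holds this rule starts above the hunk, so which role receives the grant is not visible here.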
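Review bot: In the `oc_secret` task added at task level in install.yml (hunk at +341), both `data:` values begin with an unquoted `{{`, which YAML reads as the start of a flow mapping, not a Jinja expression, so the task is likely to fail at parse time. They should be `data: "{{ ansible_service_broker_registry_user }}"` and `data: "{{ ansible_service_broker_registry_password }}"`. Because the task carries registry credentials, I would also add `no_log: true` to keep them out of task output, and give the task a `name:` like its neighbours. Nothing visible in this patch points the broker config at `asb-registry-auth` once `user`/`pass` are dropped from it in the preceding hunk, so confirm the broker actually reads the secret.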
@@ -46,6 +46,12 @@ resource_name: asb-access user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" +- name: remove asb-registry auth secret + oc_secret: + state: absent + name: asb-registry-auth + namespace: openshift-ansible-service-broker + - name: remove asb-client token secret oc_secret: state: absent -- cgit v1.2.3