From c45cbd3d18ff35dc814aaf617b09ea45bc88fb58 Mon Sep 17 00:00:00 2001
From: Dylan Murray <dymurray@redhat.com>
Date: Fri, 3 Nov 2017 15:30:05 -0400
Subject: Update service broker configmap and serviceaccount privileges

---
 roles/ansible_service_broker/tasks/install.yml | 14 ++++++++++++--
 roles/ansible_service_broker/tasks/remove.yml  |  6 ++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

(limited to 'roles/ansible_service_broker')

diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 89a84c4df..66de5289c 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -68,6 +68,9 @@
       - apiGroups: ["authentication.k8s.io"]
         resources: ["tokenreviews"]
         verbs: ["create"]
+      - apiGroups: ["image.openshift.io", ""]
+        resources: ["images"]
+        verbs: ["get", "list"]
 
 - name: Create asb-access cluster role
   oc_clusterrole:
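Review bot: The added `images` rule (`get`, `list` on `image.openshift.io` and the legacy `""` group) carries no comment saying why the broker's service account needs it, and the commit message gives no reason either. Because it sits in a cluster role, the grant presumably covers image objects from every project rather than only the broker's own, so a reader auditing for least privilege needs the justification next to the rule. I would add a line above it such as `# <reason the broker reads image objects>; read-only, no write verbs`. I would also confirm that `list` is required and `get` alone is not enough. The role definition this rule belongs to starts above the hunk, so which service account receives it cannot be confirmed from here.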
@@ -307,8 +310,6 @@
               - type: {{ ansible_service_broker_registry_type }}
                 name: {{ ansible_service_broker_registry_name }}
                 url:  {{ ansible_service_broker_registry_url }}
-                user: {{ ansible_service_broker_registry_user }}
-                pass: {{ ansible_service_broker_registry_password }}
                 org:  {{ ansible_service_broker_registry_organization }}
                 tag:  {{ ansible_service_broker_registry_tag }}
                 white_list: {{ ansible_service_broker_registry_whitelist }}
@@ -340,6 +341,15 @@
                 - type: basic
                   enabled: false
 
+- oc_secret:
+    name: asb-registry-auth
+    namespace: openshift-ansible-service-broker
+    state: present
+    contents:
+      - path: username
+        data: {{ ansible_service_broker_registry_user }}
+      - path: password
+        data: {{ ansible_service_broker_registry_password }}
 
 - name: Create the Broker resource in the catalog
   oc_obj:
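Review bot: The new `oc_secret` task passes the registry password as a module argument but does not set `no_log: true`. Unless the module masks `contents` itself (not visible here), the rendered value can appear in verbose output and in failure results. The task is also unnamed, unlike its neighbours and the matching removal task in remove.yml, which makes it harder to find in a play log. I would open it with `- name: Create asb-registry-auth secret` and add `no_log: true` at task level. The follow-up "Proper quotes" hunk on this page fixes the unquoted `{{ … }}` values but leaves both of these points as they are. If the registry user and password can be empty, it is also worth checking whether a secret with empty `username` and `password` should be created at all; their defaults are outside this hunk.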
diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml
index 51b86fb26..c23a199df 100644
--- a/roles/ansible_service_broker/tasks/remove.yml
+++ b/roles/ansible_service_broker/tasks/remove.yml
@@ -46,6 +46,12 @@
     resource_name: asb-access
     user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
 
+- name: remove asb-registry auth secret
+  oc_secret:
+    state: absent
+    name: asb-registry-auth
+    namespace: openshift-ansible-service-broker
+
 - name: remove asb-client token secret
   oc_secret:
     state: absent
-- 
cgit v1.2.3


From bf346be033565d36a84fd990a72d4fd9ad9be1a0 Mon Sep 17 00:00:00 2001
From: Dylan Murray <dymurray@redhat.com>
Date: Fri, 3 Nov 2017 15:47:35 -0400
Subject: Proper quotes

---
 roles/ansible_service_broker/tasks/install.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/ansible_service_broker')

diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 66de5289c..0428b0ade 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -347,9 +347,9 @@
     state: present
     contents:
       - path: username
-        data: {{ ansible_service_broker_registry_user }}
+        data: "{{ ansible_service_broker_registry_user }}"
       - path: password
-        data: {{ ansible_service_broker_registry_password }}
+        data: "{{ ansible_service_broker_registry_password }}"
 
 - name: Create the Broker resource in the catalog
   oc_obj:
-- 
cgit v1.2.3