From 6bcfbe1a8da9bd448135dfa951f04a1208794957 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 15 Nov 2016 14:54:05 -0500 Subject: Add view permissions to hawkular sa --- roles/openshift_metrics/tasks/install.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'roles') diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml index 9601a5100..98e21375a 100644 --- a/roles/openshift_metrics/tasks/install.yml +++ b/roles/openshift_metrics/tasks/install.yml @@ -37,6 +37,24 @@ system:serviceaccount:openshift-infra:metrics-deployer when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" +- name: Test hawkular view permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}' + register: view_rolebindings + changed_when: false + +- name: Add view permissions to hawkular SA + command: > + {{ openshift.common.client_binary }} adm + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user view + system:serviceaccount:openshift-infra:hawkular + when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings" + - name: Test cluster-reader permissions command: > {{ openshift.common.client_binary }} -- cgit v1.2.3