
Merge pull request #6009 from dymurray/template

Automatic merge from submit-queue.

Update service broker configmap and serviceaccount privileges

Addresses Bugs https://bugzilla.redhat.com/show_bug.cgi?id=1503289 and https://bugzilla.redhat.com/show_bug.cgi?id=1507111
OpenShift Merge Robot 7 years ago
parent
commit
2f9a48cec4

+ 12 - 2
roles/ansible_service_broker/tasks/install.yml

@@ -69,6 +69,9 @@
       - apiGroups: ["authentication.k8s.io"]
         resources: ["tokenreviews"]
         verbs: ["create"]
+      - apiGroups: ["image.openshift.io", ""]
+        resources: ["images"]
+        verbs: ["get", "list"]
 
 - name: Create asb-access cluster role
   oc_clusterrole:
@@ -404,8 +407,6 @@
               - type: {{ ansible_service_broker_registry_type }}
                 name: {{ ansible_service_broker_registry_name }}
                 url:  {{ ansible_service_broker_registry_url }}
-                user: {{ ansible_service_broker_registry_user }}
-                pass: {{ ansible_service_broker_registry_password }}
                 org:  {{ ansible_service_broker_registry_organization }}
                 tag:  {{ ansible_service_broker_registry_tag }}
                 white_list: {{ ansible_service_broker_registry_whitelist }}
@@ -442,6 +443,15 @@
                 - type: basic
                   enabled: false
 
+- oc_secret:
+    name: asb-registry-auth
+    namespace: openshift-ansible-service-broker
+    state: present
+    contents:
+      - path: username
+        data: "{{ ansible_service_broker_registry_user }}"
+      - path: password
+        data: "{{ ansible_service_broker_registry_password }}"
 
 - name: Create the Broker resource in the catalog
   oc_obj:
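Review bot: The new `oc_secret` task in the last hunk of this section passes `ansible_service_broker_registry_password` as a module argument but sets no `no_log`, so the value may show up in verbose or failure output unless the module itself masks `contents`; adding `no_log: true` to the task would rule that out. It is also the only task visible here without a `name:`, so give it one, for example `- name: Create asb-registry auth secret`, to match the removal task in remove.yml. Moving the credentials out of the configmap is the right direction, but the lines that make the broker read `asb-registry-auth` are not visible in these hunks. Confirm that the rendered broker config references the secret, and that configmaps on already-installed clusters are re-rendered so the old `user`/`pass` values do not linger.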

+ 6 - 0
roles/ansible_service_broker/tasks/remove.yml

@@ -46,6 +46,12 @@
     resource_name: asb-access
     user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
 
+- name: remove asb-registry auth secret
+  oc_secret:
+    state: absent
+    name: asb-registry-auth
+    namespace: openshift-ansible-service-broker
+
 - name: remove asb-client token secret
   oc_secret:
     state: absent