
Add view permissions to hawkular sa

Scott Dodson 8 lat temu
rodzic
commit
6bcfbe1a8d
1 zmienionych plików z 18 dodań i 0 usunięć
  1. 18 0
      roles/openshift_metrics/tasks/install.yml

+ 18 - 0
roles/openshift_metrics/tasks/install.yml

@@ -37,6 +37,24 @@
     system:serviceaccount:openshift-infra:metrics-deployer
   when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
 
+- name: Test hawkular view permissions
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}'
+  register: view_rolebindings
+  changed_when: false
+
+- name: Add view permissions to hawkular SA
+  command: >
+      {{ openshift.common.client_binary }} adm
+      --config={{ openshift_metrics_kubeconfig }}
+      --namespace openshift-infra
+      policy add-role-to-user view
+      system:serviceaccount:openshift-infra:hawkular
+  when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings"
+
 - name: Test cluster-reader permissions
   command: >
     {{ openshift.common.client_binary }}
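Review bot: The `when` on the new "Add view permissions to hawkular SA" task tests membership in `view_rolebindings`, the registered result itself, whereas the context line above the added tasks checks `edit_rolebindings.stdout`. A registered command result is a mapping, so `not in` compares against its keys and the condition is presumably always true; the `policy add-role-to-user view` grant would then run and report a change on every play, which hides whether the role binding actually changed. The line should read `when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings.stdout"`. As a point of style, the folded `command: >` body of that task is indented six spaces where the neighbouring tasks use four.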