
Update service broker configmap and serviceaccount privileges

Dylan Murray 7 years ago
parent
commit
c45cbd3d18

+ 12 - 2
roles/ansible_service_broker/tasks/install.yml

@@ -68,6 +68,9 @@
       - apiGroups: ["authentication.k8s.io"]
         resources: ["tokenreviews"]
         verbs: ["create"]
+      - apiGroups: ["image.openshift.io", ""]
+        resources: ["images"]
+        verbs: ["get", "list"]
 
 - name: Create asb-access cluster role
   oc_clusterrole:
@@ -307,8 +310,6 @@
               - type: {{ ansible_service_broker_registry_type }}
                 name: {{ ansible_service_broker_registry_name }}
                 url:  {{ ansible_service_broker_registry_url }}
-                user: {{ ansible_service_broker_registry_user }}
-                pass: {{ ansible_service_broker_registry_password }}
                 org:  {{ ansible_service_broker_registry_organization }}
                 tag:  {{ ansible_service_broker_registry_tag }}
                 white_list: {{ ansible_service_broker_registry_whitelist }}
@@ -340,6 +341,15 @@
                 - type: basic
                   enabled: false
 
+- oc_secret:
+    name: asb-registry-auth
+    namespace: openshift-ansible-service-broker
+    state: present
+    contents:
+      - path: username
+        data: {{ ansible_service_broker_registry_user }}
+      - path: password
+        data: {{ ansible_service_broker_registry_password }}
 
 - name: Create the Broker resource in the catalog
   oc_obj:
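Review bot: The two `data:` values in the new `oc_secret` task (third hunk) begin with an unquoted `{{`, which YAML parses as a flow mapping before Jinja ever runs, so the task is likely to fail to load rather than create the secret. Quote both, e.g. `data: "{{ ansible_service_broker_registry_password }}"` and the same for the username line. Because the task's arguments carry the registry password, add `no_log: true` at task level so the credential stays out of Ansible's output and logs. It is also the only task in the visible hunks without a `name:`; `- name: Create asb-registry-auth secret` would mirror the removal task in remove.yml. None of the 12 lines this file gains points the broker config at `asb-registry-auth` after `user`/`pass` are dropped from it, so confirm the broker locates the secret by that fixed name.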

+ 6 - 0
roles/ansible_service_broker/tasks/remove.yml

@@ -46,6 +46,12 @@
     resource_name: asb-access
     user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
 
+- name: remove asb-registry auth secret
+  oc_secret:
+    state: absent
+    name: asb-registry-auth
+    namespace: openshift-ansible-service-broker
+
 - name: remove asb-client token secret
   oc_secret:
     state: absent