authorDylan Murray <dymurray@redhat.com>2017-11-03 15:30:05 -0400
committerDylan Murray <dymurray@redhat.com>2017-11-03 15:45:36 -0400
commitc45cbd3d18ff35dc814aaf617b09ea45bc88fb58 (patch)
tree06f4accd6e99bd7b165c799d5e964058a1d830b9
parent6d8a25425e0b011ac5bd6c54dca2a61f56e356c6 (diff)
Update service broker configmap and serviceaccount privileges
-rw-r--r--roles/ansible_service_broker/tasks/install.yml14
-rw-r--r--roles/ansible_service_broker/tasks/remove.yml6
2 files changed, 18 insertions, 2 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 89a84c4df..66de5289c 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -68,6 +68,9 @@
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
+ - apiGroups: ["image.openshift.io", ""]
+ resources: ["images"]
+ verbs: ["get", "list"]
- name: Create asb-access cluster role
oc_clusterrole:
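Review bot: The added rule gives the role `get` and `list` on `images` across the cluster, in both `image.openshift.io` and the legacy `""` group, with nothing saying which broker function needs it. A comment above the rule would let a later reviewer judge whether the grant is still required, for example `# images get/list: required by <broker feature>; read-only on purpose`. The role this rule belongs to is defined above the hunk, so its name and other rules are not visible here.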
@@ -307,8 +310,6 @@
- type: {{ ansible_service_broker_registry_type }}
name: {{ ansible_service_broker_registry_name }}
url: {{ ansible_service_broker_registry_url }}
- user: {{ ansible_service_broker_registry_user }}
- pass: {{ ansible_service_broker_registry_password }}
org: {{ ansible_service_broker_registry_organization }}
tag: {{ ansible_service_broker_registry_tag }}
white_list: {{ ansible_service_broker_registry_whitelist }}
@@ -340,6 +341,15 @@
- type: basic
enabled: false
+- oc_secret:
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+ state: present
+ contents:
+ - path: username
+ data: {{ ansible_service_broker_registry_user }}
+ - path: password
+ data: {{ ansible_service_broker_registry_password }}
- name: Create the Broker resource in the catalog
oc_obj:
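Review bot: The two `data:` values in the new `oc_secret` task start with an unquoted `{{`, which YAML reads as a flow mapping rather than a Jinja expression when the line is a task argument; write `data: "{{ ansible_service_broker_registry_user }}"` and likewise for the password. The page has lost indentation, so it is inferred from the `- name: Create the Broker resource in the catalog` task that follows that this task sits outside the configmap block scalar above it. The task also handles the registry password without `no_log: true`, so the value can end up in verbose or failure output. It is also the only task in this hunk without a `name:`.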
diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml
index 51b86fb26..c23a199df 100644
--- a/roles/ansible_service_broker/tasks/remove.yml
+++ b/roles/ansible_service_broker/tasks/remove.yml
@@ -46,6 +46,12 @@
resource_name: asb-access
user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
+- name: remove asb-registry auth secret
+ oc_secret:
+ state: absent
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+
- name: remove asb-client token secret
oc_secret:
state: absent