summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorMooli Tayer <mtayer@redhat.com>2016-04-10 16:54:53 +0300
committerMooli Tayer <mtayer@redhat.com>2016-05-03 20:23:05 +0300
commit6d55d92799f40a0f2b9c67ef89802deed22ea34e (patch)
tree076ebba832de6cd82dc48c14cbabb617f1580834 /roles
parent04b52454275572f9d09e76c6ce46bdd60aa46c72 (diff)
downloadopenshift-6d55d92799f40a0f2b9c67ef89802deed22ea34e.tar.gz
openshift-6d55d92799f40a0f2b9c67ef89802deed22ea34e.tar.bz2
openshift-6d55d92799f40a0f2b9c67ef89802deed22ea34e.tar.xz
openshift-6d55d92799f40a0f2b9c67ef89802deed22ea34e.zip
Add system:image-auditor role to ManageIQ SA
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml10
-rw-r--r--roles/openshift_manageiq/vars/main.yml3
2 files changed, 13 insertions, 0 deletions
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index 2a651df65..de0a7000e 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -59,6 +59,16 @@
failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"
changed_when: osmiq_perm_task.rc == 0
+- name: Configure 3_2 role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{manage_iq_tmp_conf}}
+ with_items: "{{manage_iq_openshift_3_2_tasks}}"
+ register: osmiq_perm_3_2_task
+ failed_when: osmiq_perm_3_2_task.rc != 0
+ changed_when: osmiq_perm_3_2_task.rc == 0
+ when: openshift.common.version_gte_3_2_or_1_2 | bool
+
- name: Clean temporary configuration file
command: >
rm -f {{manage_iq_tmp_conf}}
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 69ee2cb4c..b2aed79c7 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -30,3 +30,6 @@ manage_iq_tasks:
- policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin
- policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin
- policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin
+
+manage_iq_openshift_3_2_tasks:
+ - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin