From 497c01b5aa249eced1df4ba5a05c88a68df7591d Mon Sep 17 00:00:00 2001
From: Erez Freiberger <efreiber@redhat.com>
Date: Sun, 18 Jun 2017 18:30:50 +0300
Subject: adding pods/logs to manageiq role

This will allow manageiq to read the logs from elasticsearch
in the logging project.

Also, adding role to correct user and as clusterrole
---
 roles/openshift_manageiq/tasks/main.yaml | 6 ++++++
 roles/openshift_manageiq/vars/main.yml   | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

(limited to 'roles/openshift_manageiq')

diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index cfc4e2722..7789d2232 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -21,6 +21,12 @@
   oc_clusterrole:
     name: management-infra-admin
     rules:
+    - apiGroups:
+      - ""
+      resources:
+      - pods/log
+      verbs:
+      - "get"
     - apiGroups:
       - ""
       resources:
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 15d667628..7ccc2fc3b 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -3,9 +3,9 @@ manage_iq_tasks:
 - resource_kind: role
   resource_name: admin
   user: management-admin
-- resource_kind: role
+- resource_kind: cluster-role
   resource_name: management-infra-admin
-  user: management-admin
+  user: system:serviceaccount:management-infra:management-admin
 - resource_kind: cluster-role
   resource_name: cluster-reader
   user: system:serviceaccount:management-infra:management-admin
-- 
cgit v1.2.1