Wolfgang Kulhanek
2019-06-06 994a98429e198673de59e0eeae3bdc1f11463ec9
Revert back to admin role. Re-order sequence of steps to grant role earlier.
2 files modified
11 ■■■■ changed files
ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml 9 ●●●●
ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2 2 ●●●
ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml
@@ -28,6 +28,7 @@
  - ./templates/operator_group.j2
  - ./templates/catalog_source.j2
  - ./templates/subscription.j2
  - ./templates/cluster_role_binding.j2
- name: Wait until CSV is Installed
  command: oc get csv "{{ _broker_subscription_csv }}" -o jsonpath --template='{.status.phase}' -n "{{ _broker_project }}"
@@ -45,14 +46,6 @@
    definition: "{{ lookup('template', item ) | from_yaml }}"
  loop:
  - ./templates/automation_broker.j2
- name: Grant Automation Broker Service Account admin permissions on all projects
  k8s:
    state: present
    merge_type:
    - strategic-merge
    - merge
    definition: "{{ lookup('template', './templates/cluster_role_binding.j2' ) | from_yaml }}"
# Leave this as the last task in the playbook.
- name: workload tasks complete
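Review bot: The cluster-wide grant is now an unlabelled entry in a generic template loop (`- ./templates/cluster_role_binding.j2`), so nothing in the playbook says that it gives the broker operator ServiceAccount admin rights on all projects; the removed task name was the only place that stated it. I would add a comment above the new loop entry, e.g. `# Grants the broker operator ServiceAccount the admin ClusterRole on all projects; applied before the CSV install`. The binding is now also created before the operator, and presumably its ServiceAccount, exists. RBAC permits that, but it pre-assigns the privilege to whatever account later takes that name in the namespace. The task that owns this loop starts above the hunk, so its state and merge settings are not visible here.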
ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2
@@ -5,7 +5,7 @@
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
  name: admin
subjects:
- kind: ServiceAccount
  name: openshift-ansible-service-broker-operator
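Review bot: A binding that already exists will not pick up the `name: admin` change under `roleRef`, because Kubernetes treats roleRef as immutable and rejects updates to it. A cluster provisioned with the earlier template would therefore keep the cluster-admin grant, or the k8s task would fail, unless the old binding is deleted and recreated; a preceding `state: absent` task or a new binding name would cover that. The kind and metadata lines sit above the hunk, so this assumes a ClusterRoleBinding, as the file name suggests. Bound that way, `admin` still lets the operator ServiceAccount read Secrets and create RoleBindings in every project. If that breadth is intended, a comment above roleRef such as `# cluster-wide on purpose: the broker provisions into arbitrary projects` would record why.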