From 994a98429e198673de59e0eeae3bdc1f11463ec9 Mon Sep 17 00:00:00 2001
From: Wolfgang Kulhanek <WolfgangKulhanek@gmail.com>
Date: Thu, 06 Jun 2019 21:51:00 +0200
Subject: [PATCH] Revert back to admin role. Re-order sequence of steps to grant role earlier.

---
 ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2 |    2 +-
 ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml                |    9 +--------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml b/ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml
index f3f2d91..d15ec4b 100644
--- a/ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml
+++ b/ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml
@@ -28,6 +28,7 @@
   - ./templates/operator_group.j2
   - ./templates/catalog_source.j2
   - ./templates/subscription.j2
+  - ./templates/cluster_role_binding.j2
 
 - name: Wait until CSV is Installed
   command: oc get csv "{{ _broker_subscription_csv }}" -o jsonpath --template='{.status.phase}' -n "{{ _broker_project }}"
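Review bot: Adding `./templates/cluster_role_binding.j2` to this loop creates the binding before the `Wait until CSV is Installed` task, so it is presumably applied before the operator has created its service account. RBAC accepts a binding whose subject does not exist yet, so the grant is in place for any service account of that name that later appears in the namespace, not only the one the operator creates. With the dedicated task removed in the next hunk, the grant also no longer has a task name of its own in the play output. I would add a comment above the new entry, e.g. `# Role binding is applied before the operator creates its service account (RBAC allows a not-yet-existing subject)`, and mention the grant in the enclosing task's name, which starts outside this hunk.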
@@ -45,14 +46,6 @@
     definition: "{{ lookup('template', item ) | from_yaml }}"
   loop:
   - ./templates/automation_broker.j2
-
-- name: Grant Automation Broker Service Account admin permissions on all projects
-  k8s:
-    state: present
-    merge_type:
-    - strategic-merge
-    - merge
-    definition: "{{ lookup('template', './templates/cluster_role_binding.j2' ) | from_yaml }}"
 
 # Leave this as the last task in the playbook.
 - name: workload tasks complete
diff --git a/ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2 b/ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2
index 3864641..425ad8d 100644
--- a/ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2
+++ b/ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2
@@ -5,7 +5,7 @@
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: admin
 subjects:
 - kind: ServiceAccount
   name: openshift-ansible-service-broker-operator
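Review bot: `name: admin` is narrower than `cluster-admin`, but if this template is a ClusterRoleBinding (the `kind` line is above the hunk; the file name suggests it), the service account still gets the `admin` role in every namespace, which includes reading Secrets and editing RoleBindings there. If the broker only needs to act in the projects it provisions into, per-namespace RoleBindings would be a tighter scope. If cluster-wide access is required, state the reason in the template, e.g. `# admin on all projects: <reason the broker needs it>`. The subject entry continues below the hunk, so its namespace is not visible here.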

--
Gitblit v1.9.3