WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-26 19:42:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

break out osbs_worker and osbs_orchestrator namespace perms

Browse Source 
Signed-off-by: Adam Miller <admiller@redhat.com>
This commit is contained in:
Adam Miller
2017-08-04 14:55:45 +00:00
parent a3b31cc39d
commit c77d72e98c
2 changed files with 27 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
inventory/group_vars/osbs-stg
View File

@@ -91,15 +91,27 @@ kubeconfig_path: /etc/origin/master/admin.kubeconfig
osbs_env:
HOME: "{{ lookup('env', 'HOME') }}"
KUBECONFIG: "{{ osbs_kubeconfig_path }}"
os_readonly_users:
- "system:serviceaccount:{{ osbs_namespace }}:metrics"
os_readonly_groups:
osbs_orchestrator_readonly_users:
- "system:serviceaccount:{{ osbs_orchestrator_namespace }}:metrics"
osbs_orchestrator_readonly_groups:
- "system:authenticated"
os_readwrite_groups: []
os_readwrite_users:
osbs_orchestrator_readwrite_groups: []
osbs_orchestrator_readwrite_users:
- "{{ ansible_hostname }}"
- "system:serviceaccount:{{ osbs_namespace }}:default"
- "system:serviceaccount:{{ osbs_namespace }}:builder"
- "system:serviceaccount:{{ osbs_orchestrator_namespace }}:default"
- "system:serviceaccount:{{ osbs_orchestrator_namespace }}:builder"
osbs_worker_readonly_users:
- "system:serviceaccount:{{ osbs_worker_namespace }}:metrics"
osbs_worker_readonly_groups:
- "system:authenticated"
osbs_worker_readwrite_groups: []
osbs_worker_readwrite_users:
- "{{ ansible_hostname }}"
- "system:serviceaccount:{{ osbs_worker_namespace }}:default"
- "system:serviceaccount:{{ osbs_worker_namespace }}:builder"
os_admin_users:
- kevin
- puiterwijk

16
playbooks/groups/osbs-orchestrator-cluster.yml
View File

@@ -352,10 +352,10 @@
osbs_cpu_limitrange: "{{ os_cpu_limitrange }}"
osbs_admin_groups: "{{ os_admin_groups }}"
osbs_admin_users: "{{ os_admin_users }}"
osbs_readonly_groups: "{{ os_readonly_groups }}"
osbs_readonly_users: "{{ os_readonly_users }}"
osbs_readwrite_groups: "{{ os_readwrite_groups }}"
osbs_readwrite_users: "{{ os_readwrite_users }}"
osbs_readonly_groups: "{{ osbs_orchestrator_readonly_groups }}"
osbs_readonly_users: "{{ osbs_orchestrator_readonly_groups }}"
osbs_readwrite_groups: "{{ osbs_orchestrator_readwrite_groups }}"
osbs_readwrite_users: "{{ osbs_orchestrator_readwrite_users }}"
osbs_orchestrator: true
osbs_worker_clusters: "{{ worker_clusters }}"
osbs_koji_secret_name: "{{ koji_secret_name }}"
@@ -407,10 +407,10 @@
osbs_service_accounts: "{{ osbs_worker_service_accounts }}"
osbs_admin_groups: "{{ os_admin_groups }}"
osbs_admin_users: "{{ os_admin_users }}"
osbs_readonly_groups: "{{ os_readonly_groups }}"
osbs_readonly_users: "{{ os_readonly_users }}"
osbs_readwrite_groups: "{{ os_readwrite_groups }}"
osbs_readwrite_users: "{{ os_readwrite_users }}"
osbs_readonly_groups: "{{ osbs_worker_readonly_groups }}"
osbs_readonly_users: "{{ osbs_worker_readonly_groups }}"
osbs_readwrite_groups: "{{ osbs_worker_readwrite_groups }}"
osbs_readwrite_users: "{{ osbs_worker_readwrite_users }}"
osbs_orchestrator: false
osbs_worker_clusters: "{{ worker_clusters }}"
osbs_koji_secret_name: "{{ koji_secret_name }}"