Make cluster-config rbac compatible for kubebernetes

The user admin needs to have system:master in the organization
and needs to be named admin.

Closes-Bug: #1689849
Change-Id: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
This commit is contained in:
Spyros Trigazis 2017-12-12 15:23:11 +00:00 committed by Spyros Trigazis
parent e3202b95e1
commit 2d5efb2e4d
1 changed files with 9 additions and 7 deletions

View File

@ -193,13 +193,13 @@ def _config_cluster_kubernetes(cluster, cluster_template,
"contexts:\n"
"- context:\n"
" cluster: %(name)s\n"
" user: %(name)s\n"
" name: %(name)s\n"
"current-context: %(name)s\n"
" user: admin\n"
" name: default\n"
"current-context: default\n"
"kind: Config\n"
"preferences: {}\n"
"users:\n"
"- name: %(name)s\n"
"- name: admin\n"
" user:\n"
" client-certificate: %(cfg_dir)s/cert.pem\n"
" client-key: %(cfg_dir)s/key.pem\n"
@ -249,9 +249,11 @@ def generate_csr_and_key():
key_size=2048,
backend=default_backend())
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u"Magnum User"),
])).sign(key, hashes.SHA256(), default_backend())
csr = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"system:masters")
])).sign(key, hashes.SHA256(), default_backend())
result = {
'csr': csr.public_bytes(