Add role and binding for configmaps mgmt

Change-Id: I4738635d6be3fbe713437d8534f41f308d7b09a1
Flavio Percoco 2017-12-21 11:35:00 +01:00
parent d2ed23ef3c
commit 93da2ef03c
2 changed files with 55 additions and 6 deletions


@ -37,25 +37,36 @@
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: openstack
name: pod-reader
name: openstack:configmaps
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["get", "watch", "update", "delete", "list"]
- apiGroups: null
attributeRestrictions: null
resources:
- configmaps
verbs:
- get
- list
- watch
- update
- create
- delete
- list
- patch
EOF
cat <<EOF | kubectl create -f -
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
name: openstack:configmaps
namespace: openstack
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: pod-reader
name: openstack:configmaps
namespace: openstack
apiGroup: rbac.authorization.k8s.io
EOF
executable: /bin/bash
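Review bot: The RoleBinding's subject is the `default` ServiceAccount of the `openstack` namespace, so every pod there that does not set its own `serviceAccountName` gains create/update/patch/delete on all configmaps in the namespace; the same binding appears in the `oc create` variant in the second file. If only the deployment job needs this access, bind the role to a dedicated ServiceAccount, and use `resourceNames:` to narrow the get/update/patch/delete verbs if the configmap names are known. Separately, the new rule is written with `apiGroups: null`, which upstream RBAC validation for `rbac.authorization.k8s.io/v1` is expected to reject for resource rules; `apiGroups: [""]`, as in the secrets rule shown in this hunk, names the core group explicitly. `attributeRestrictions` and `roleRef.namespace` look like OpenShift-export fields that are not part of the v1 RBAC schema, and `list` appears twice under `verbs`. The Role's `kind:` line and the start of the shell block are outside the hunk.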


@ -54,6 +54,44 @@
sudo chmod 777 /tmp/test-volume
sudo chcon -t svirt_sandbox_file_t /tmp/test-volume
cat <<EOF | oc create -f -
kind: Role
apiVersion: v1
metadata:
namespace: openstack
name: openstack:configmaps
rules:
- apiGroups: null
attributeRestrictions: null
resources:
- configmaps
verbs:
- get
- list
- watch
- update
- create
- delete
- list
- patch
EOF
cat <<EOF | oc create -f -
kind: RoleBinding
apiVersion: v1
metadata:
name: openstack:configmaps
namespace: openstack
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: openstack:configmaps
namespace: openstack
apiGroup: null
EOF
executable: /bin/bash
become: true
delegate_to: "primary"
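Review bot: The two `oc create` pipelines run back to back with no status check visible between them, so if the Role is rejected the script still creates a RoleBinding that references a role which does not exist, and the task result reflects only the last command. Unless the script already sets it above the hunk, start the shell block with `set -euo pipefail` so a failed create stops the task. The subject also omits `namespace:`; adding `namespace: openstack` under the ServiceAccount entry makes the target account explicit rather than inherited from the binding's namespace.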