[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Project user access

Looks like a typo.  You added system:serviceaccounts:default:robot, but your user is "system:serviceaccount:default:robot".  Note the extra 's' in your rolebinding.

On Tue, Nov 24, 2015 at 9:58 AM, John Skarbek <jskarbek rallydev com> wrote:
Hi guys,

I'm back asking about roles again.  I've created a service "robot" account in the default project.  I'm adding him to the role `admin` for other projects.  When logging as this robot service account, he doesn't appear to have access to any projects.  Is there another step for role access I'm missing?

# oc get sa -n default
builder    2         3d
default    3         3d
deployer   2         3d
registry   3         3d
robot      2         21m
router     2         3d

# oc describe policybindings -n sample-project
Name:                                   :default
Created:                                21 minutes ago
Labels:                                 <none>
Last Modified:                          2015-11-24 14:33:03 +0000 UTC
Policy:                                 <none>
                                        Role:                   admin
                                        Users:                  system:admin, system:serviceaccounts:default:robot
                                        Groups:                 <none>
                                        ServiceAccounts:        <none>
                                        Subjects:               <none>

And then here's that account logging into the oc command line interface:

% oc login --token=<THAT_REALLY_LONG_TOKEN> https://master1.example.com:8443
Logged into "https://master1.example.com:8443" as "system:serviceaccount:default:robot" using the token provided.

You don't have any projects. You can try to create a new project, by running

    $ oc new-project <projectname>


John Skarbek

Infrastructure Engineer

CA Technologies | 1101 Haynes St, Suite 105 | Raleigh, NC 27604

Office: +1 720 921 8126 | john skarbek ca com

Rally is now CA Technologies


users mailing list
users lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]