[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: role bindings incorrect after ose 3.2.0 upgrade



Also, the default for role reconciliation has changed to be additive only (https://github.com/openshift/origin/pull/8603), but I think that is post-3.2

If you've already reconciled those roles and want to re-add source build permissions for anyone who can create builds, you can do `oadm policy add-cluster-role-to-user system:build-strategy-source system:authenticated` (docs PR is open at https://github.com/openshift/openshift-docs/pull/1909/files)




On Wed, Jun 1, 2016 at 1:01 PM, Jordan Liggitt <jliggitt redhat com> wrote:
No, the source build strategy permissions moved from the admin/edit roles into their own specific roles.

Automatic role reconciliation on upgrade should be additive only, which would have left the source build permissions previously defined in the admin/edit roles:
$ oadm policy reconcile-cluster-roles --additive- --confirm






On Wed, Jun 1, 2016 at 12:16 PM, Dale Bewley <dale bewley net> wrote:

After upgrading to OSE 3.2.0 developers can no longer use the source build strategy.

I used the playbook to upgrade and now I'm trying to reconcile the policy role bindings per:

https://docs.openshift.com/enterprise/3.2/install_config/upgrading/manual_upgrades.html#updating-policy-definitions

Is it because the docs:

 $ oadm policy reconcile-cluster-role-bindings \
    --exclude-groups=system:authenticated \
    --exclude-groups=system:authenticated:oauth \
    --exclude-groups=system:unauthenticated \
    --exclude-users=system:anonymous \
    --additive- \
    --confirm

Should actually be:

 $ oadm policy reconcile-cluster-role-bindings \
    --exclude-groups=system:unauthenticated \
    --exclude-users=system:anonymous \
    --additive- \
    --confirm

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]