[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: service account for rest api

yes ofc

oc create serviceaccount icinga -n project1

oadm policy add-cluster-role-to-user admin system:serviceaccounts:project1:icinga

oadm policy reconcile-cluster-roles —confirm

and then dump the token

oc serviceaccounts get-token icing

ty frederic!

i do login with curl but i get 

  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "User \"system:serviceaccount:project1:icinga\" cannot list replicationcontrollers in project \”project1\"",
  "reason": "Forbidden",
  "details": {
    "kind": "replicationcontrollers"
  "code": 403

El 19 oct 2017, a las 16:55, Frederic Giloux <fgiloux redhat com> escribió:

Hi Julio, 

Could you copy the commands you have used?



On 19 Oct 2017 11:43, "Julio Saura" <jsaura hiberus com> wrote:

i am trying to create a sa for accessing rest api with token ..

i have followed the doc steps

creating the account, applying admin role to that account and getting the token

trying to access replicacioncontroller info with bearer in curl, i can auth into but i get i have no permission to list rc on the project

i also did a reconciliate role on cluster

i also logged in with oc login passing token as parameter, i log in but it says i have no projects ..

what else i am missing?


users mailing list
users lists openshift redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]