[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: service account for rest api



Hello

I tried with view and cluster-admin too. No luck

Guess is the curl issue

Ty!

El 19 oct 2017, a las 21:40, Luke Meyer <lmeyer redhat com> escribió:



On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura <jsaura hiberus com> wrote:
yes ofc

oc create serviceaccount icinga -n project1

oadm policy add-cluster-role-to-user admin system:serviceaccounts:project1:icinga

There is no cluster role "admin" (... by default anyway, you could of course create one).

You probably wanted `oc policy add-role-to-user admin ...` to make the user an admin of the project.

Unless you actually wanted them to be an admin of the entire cluster, in which case the role is cluster-admin not admin.

 

oadm policy reconcile-cluster-roles —confirm

and then dump the token

oc serviceaccounts get-token icing


ty frederic!

i do login with curl but i get 

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "User \"system:serviceaccount:project1:icinga\" cannot list replicationcontrollers in project \”project1\"",
  "reason": "Forbidden",
  "details": {
    "kind": "replicationcontrollers"
  },
  "code": 403
}





El 19 oct 2017, a las 16:55, Frederic Giloux <fgiloux redhat com> escribió:

Hi Julio, 

Could you copy the commands you have used?

Regards, 

Frédéric 

On 19 Oct 2017 11:43, "Julio Saura" <jsaura hiberus com> wrote:
Hello

i am trying to create a sa for accessing rest api with token ..

i have followed the doc steps

creating the account, applying admin role to that account and getting the token

trying to access replicacioncontroller info with bearer in curl, i can auth into but i get i have no permission to list rc on the project

i also did a reconciliate role on cluster

i also logged in with oc login passing token as parameter, i log in but it says i have no projects ..

what else i am missing?

ty



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]