Also, $ROLE_PROJECT is still visible in the web UI this time, despite the
fact that I recreated the policybinding.

On Thu, Jul 7, 2016 at 10:16 AM, Alex Wauck <[email protected]> wrote:

> Note: $ROLE_PROJECT is the project containing the role that I want to
> assign to the service account in $SERVICEACCOUNT_PROJECT.
>
> Here's the YAML I used to create the policybinding:
> apiVersion: v1
> kind: PolicyBinding
> metadata:
>   name: $ROLE_PROJECT:default
> policyRef:
>   name: default
>   namespace: $ROLE_PROJECT
> roleBindings:
> - name: testing
>   roleBinding:
>     metadata:
>       name: testing
>       namespace: $ROLE_PROJECT
>     roleRef:
>       name: testing
>       namespace: $ROLE_PROJECT
>     subjects:
>     - kind: ServiceAccount
>       name: system:serviceaccount:$SERVICEACCOUNT_PROJECT:testing
>     userNames: null
>
> Terminal session after creating the above:
> $ oc policy add-role-to-user --role-namespace=$ROLE_PROJECT testing -z testing
> The RoleBinding "testing" is invalid.
>
> * metadata.resourceVersion: Invalid value: "": must be specified for an update
> * metadata.resourceVersion: Invalid value: "": must be specified for an update
> $ oc project $SERVICEACCOUNT_PROJECT
> Now using project "$SERVICEACCOUNT_PROJECT" on server "https://example.com:8443".
> $ oc policy add-role-to-user --role-namespace=$ROLE_PROJECT testing -z testing
> Error from server: policybinding "$ROLE_PROJECT:default" not found
> $ oc get policybinding -n $ROLE_PROJECT
> NAME                    ROLE BINDINGS                                                          LAST MODIFIED
> :default                admin, system:deployers, system:image-builders, system:image-pullers   2016-06-22 01:59:45 -0500 CDT
> $ROLE_PROJECT:default   testing
>
> Looks like there's something I don't understand about policies, policy
> bindings, roles, service accounts, and how they all fit together.
>
> --

Alex Wauck // DevOps Engineer

*E X O S I T E*
*www.exosite.com <http://www.exosite.com/>*

Making Machines More Human.
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
