Try creating it without any roles already defined. Also, the command is pretty new, but it should in master now.
On Thu, Jul 7, 2016 at 11:18 AM, Alex Wauck <[email protected]> wrote: > Also, $ROLE_PROJECT is still visible in the web UI this time, despite the > fact that I recreated the policybinding. > > On Thu, Jul 7, 2016 at 10:16 AM, Alex Wauck <[email protected]> wrote: > >> Note: $ROLE_PROJECT is the project containing the role that I want to >> assign to the service account in $SERVICEACCOUNT_PROJECT. >> >> Here's the YAML I used to create the policybinding: >> apiVersion: v1 >> kind: PolicyBinding >> metadata: >> name: $ROLE_PROJECT:default >> policyRef: >> name: default >> namespace: $ROLE_PROJECT >> roleBindings: >> - name: testing >> roleBinding: >> metadata: >> name: testing >> namespace: $ROLE_PROJECT >> roleRef: >> name: testing >> namespace: $ROLE_PROJECT >> subjects: >> - kind: ServiceAccount >> name: system:serviceaccount:$SERVICEACCOUNT_PROJECT:testing >> userNames: null >> >> Terminal session after creating the above: >> $ oc policy add-role-to-user --role-namespace=$ROLE_PROJECT testing -z >> testing >> The RoleBinding "testing" is invalid. >> >> * metadata.resourceVersion: Invalid value: "": must be specified for an >> update >> * metadata.resourceVersion: Invalid value: "": must be specified for an >> update >> $ oc project $SERVICEACCOUNT_PROJECT >> Now using project "$SERVICEACCOUNT_PROJECT" on server " >> https://example.com:8443";. >> $ oc policy add-role-to-user --role-namespace=$ROLE_PROJECT testing -z >> testing >> Error from server: policybinding "$ROLE_PROJECT:default" not found >> $ oc get policybinding -n $ROLE_PROJECT >> NAME ROLE BINDINGS >> LAST MODIFIED >> :default admin, system:deployers, system:image-builders, >> system:image-pullers 2016-06-22 01:59:45 -0500 CDT >> $ROLE_PROJECT:default testing >> >> Looks like there's something I don't understand about policies, policy >> bindings, roles, service accounts, and how they all fit together. >> >> -- > > Alex Wauck // DevOps Engineer > > *E X O S I T E* > *www.exosite.com <http://www.exosite.com/>* > > Making Machines More Human. > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
