On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura <[email protected]> wrote:
> yes ofc
>
> oc create serviceaccount icinga -n project1
>
> oadm policy add-cluster-role-to-user admin system:serviceaccounts:
> project1:icinga
>
There is no cluster role "admin" (... by default anyway, you could of
course create one).
You probably wanted `oc policy add-role-to-user admin ...` to make the user
an admin of the project.
Unless you actually wanted them to be an admin of the entire cluster, in
which case the role is cluster-admin not admin.
>
> oadm policy reconcile-cluster-roles —confirm
>
> and then dump the token
>
> oc serviceaccounts get-token icing
>
>
> ty frederic!
>
> i do login with curl but i get
>
> {
> "kind": "Status",
> "apiVersion": "v1",
> "metadata": {},
> "status": "Failure",
> "message": "User \"system:serviceaccount:project1:icinga\" cannot list
> replicationcontrollers in project \”project1\"",
> "reason": "Forbidden",
> "details": {
> "kind": "replicationcontrollers"
> },
> "code": 403
> }
>
>
>
>
>
> El 19 oct 2017, a las 16:55, Frederic Giloux <[email protected]>
> escribió:
>
> Hi Julio,
>
> Could you copy the commands you have used?
>
> Regards,
>
> Frédéric
>
> On 19 Oct 2017 11:43, "Julio Saura" <[email protected]> wrote:
>
>> Hello
>>
>> i am trying to create a sa for accessing rest api with token ..
>>
>> i have followed the doc steps
>>
>> creating the account, applying admin role to that account and getting the
>> token
>>
>> trying to access replicacioncontroller info with bearer in curl, i can
>> auth into but i get i have no permission to list rc on the project
>>
>> i also did a reconciliate role on cluster
>>
>> i also logged in with oc login passing token as parameter, i log in but
>> it says i have no projects ..
>>
>> what else i am missing?
>>
>> ty
>>
>>
>>
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
