On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura <jsa...@hiberus.com> wrote:
> yes ofc > > oc create serviceaccount icinga -n project1 > > oadm policy add-cluster-role-to-user admin system:serviceaccounts: > project1:icinga > There is no cluster role "admin" (... by default anyway, you could of course create one). You probably wanted `oc policy add-role-to-user admin ...` to make the user an admin of the project. Unless you actually wanted them to be an admin of the entire cluster, in which case the role is cluster-admin not admin. > > oadm policy reconcile-cluster-roles —confirm > > and then dump the token > > oc serviceaccounts get-token icing > > > ty frederic! > > i do login with curl but i get > > { > "kind": "Status", > "apiVersion": "v1", > "metadata": {}, > "status": "Failure", > "message": "User \"system:serviceaccount:project1:icinga\" cannot list > replicationcontrollers in project \”project1\"", > "reason": "Forbidden", > "details": { > "kind": "replicationcontrollers" > }, > "code": 403 > } > > > > > > El 19 oct 2017, a las 16:55, Frederic Giloux <fgil...@redhat.com> > escribió: > > Hi Julio, > > Could you copy the commands you have used? > > Regards, > > Frédéric > > On 19 Oct 2017 11:43, "Julio Saura" <jsa...@hiberus.com> wrote: > >> Hello >> >> i am trying to create a sa for accessing rest api with token .. >> >> i have followed the doc steps >> >> creating the account, applying admin role to that account and getting the >> token >> >> trying to access replicacioncontroller info with bearer in curl, i can >> auth into but i get i have no permission to list rc on the project >> >> i also did a reconciliate role on cluster >> >> i also logged in with oc login passing token as parameter, i log in but >> it says i have no projects .. >> >> what else i am missing? >> >> ty >> >> >> >> _______________________________________________ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users