Re: service account for rest api

Thu, 19 Oct 2017 12:41:57 -0700 

On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura <jsa...@hiberus.com> wrote:

> yes ofc
>
> oc create serviceaccount icinga -n project1
>
> oadm policy add-cluster-role-to-user admin system:serviceaccounts:
> project1:icinga
>

There is no cluster role "admin" (... by default anyway, you could of
course create one).

You probably wanted `oc policy add-role-to-user admin ...` to make the user
an admin of the project.

Unless you actually wanted them to be an admin of the entire cluster, in
which case the role is cluster-admin not admin.



>
> oadm policy reconcile-cluster-roles —confirm
>
> and then dump the token
>
> oc serviceaccounts get-token icing
>
>
> ty frederic!
>
> i do login with curl but i get
>
> {
>   "kind": "Status",
>   "apiVersion": "v1",
>   "metadata": {},
>   "status": "Failure",
>   "message": "User \"system:serviceaccount:project1:icinga\" cannot list
> replicationcontrollers in project \”project1\"",
>   "reason": "Forbidden",
>   "details": {
>     "kind": "replicationcontrollers"
>   },
>   "code": 403
> }
>
>
>
>
>
> El 19 oct 2017, a las 16:55, Frederic Giloux <fgil...@redhat.com>
> escribió:
>
> Hi Julio,
>
> Could you copy the commands you have used?
>
> Regards,
>
> Frédéric
>
> On 19 Oct 2017 11:43, "Julio Saura" <jsa...@hiberus.com> wrote:
>
>> Hello
>>
>> i am trying to create a sa for accessing rest api with token ..
>>
>> i have followed the doc steps
>>
>> creating the account, applying admin role to that account and getting the
>> token
>>
>> trying to access replicacioncontroller info with bearer in curl, i can
>> auth into but i get i have no permission to list rc on the project
>>
>> i also did a reconciliate role on cluster
>>
>> i also logged in with oc login passing token as parameter, i log in but
>> it says i have no projects ..
>>
>> what else i am missing?
>>
>> ty
>>
>>
>>
>> _______________________________________________
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
>
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>

_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to