By default, service accounts do not have access to request projects. If you want to grant that permission, it is contained in the self-provisioner cluster role, which you can grant like this:
oc adm add-cluster-role-to-user self-provisioner system:serviceaccount:<your-sa-namespace>:<your-sa-name> On Thu, May 3, 2018 at 5:52 AM, jelmer van amen <[email protected]> wrote: > p.s > > I found that curl -k -H "Authorization: Bearer $TOKEN" -H 'Accept: > application/json' https://kubernetes.default. > svc/oapi/v1/projectrequests > > Gives a similar result > { > "kind": "Status", > "apiVersion": "v1", > "metadata": {}, > "status": "Failure", > "message": "You may not request a new project via this API.", > "reason": "Forbidden", > "details": { > "group": "project.openshift.io", > "kind": "projectrequest" > }, > "code": 403 > > Is there some extra permission needed to call apis with a service account? > > On 3 May 2018 at 11:45, jelmer van amen <[email protected]> wrote: > >> Hi all, >> >> I'm trying to get arquillian-cube working from jenkins. Arquillian cube >> want's to create new namepsaces to spin up the tests. To do this, it calls >> curl -k -H "Authorization: Bearer $TOKEN" -H 'Accept: >> application/json' https://kubernetes.default.sv >> c/apis/project.openshift.io/v1/projectrequests >> >> This returns: >> { >> "kind": "Status", >> "apiVersion": "v1", >> "metadata": {}, >> "status": "Failure", >> "message": "You may not request a new project via this API.", >> "reason": "Forbidden", >> "details": { >> "group": "project.openshift.io", >> "kind": "projectrequest" >> }, >> "code": 403 >> >> >> The service user belonging to the token should have all the rights. I've >> searched the documentation and the first notice of this specific path is in >> openshift v3.7. Am I correct in thinking that this api endpoint is not >> available in openshift v3.6? Or is this still a rights problem? >> >> Kind regards, >> Jelmer >> >> > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
