| -rw-r--r-- | roles/ansible_service_broker/tasks/install.yml | 27 | 
1 files changed, 11 insertions, 16 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index c0be9896c..de62d11e8 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -23,22 +23,11 @@
     ansible_service_broker_registry_password: "{{ ansible_service_broker_registry_password | default(__ansible_service_broker_registry_password) }}"
     ansible_service_broker_registry_organization: "{{ ansible_service_broker_registry_organization | default(__ansible_service_broker_registry_organization) }}"
-    openshift_master_config_dir: "{{ openshift_master_config_dir | default(openshift.common.config_base + '/master') }}"
-
 - name: set ansible-service-broker image facts using set prefix and tag
   set_fact:
     ansible_service_broker_image: "{{ ansible_service_broker_image_prefix }}ansible-service-broker:{{ ansible_service_broker_image_tag }}"
     ansible_service_broker_etcd_image: "{{ ansible_service_broker_etcd_image_prefix }}etcd:{{ ansible_service_broker_etcd_image_tag }}"
-- set_fact:
-    openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
-  when: openshift_master_config_dir is undefined
-
-- slurp:
-    src: "{{ openshift_master_config_dir }}/ca.crt"
-  register: catalog_ca
-
-
 - include: validate_facts.yml
@@ -83,13 +72,12 @@
     state: present
     name: asb-access
     rules:
-      - nonResourceURLs: ["/ansible-service-broker", "ansible-service-broker/*"]
+      - nonResourceURLs: ["/ansible-service-broker", "/ansible-service-broker/*"]
         verbs: ["get", "post", "put", "patch", "delete"]
 - name: Bind admin cluster-role to asb serviceaccount
   oc_adm_policy_user:
     state: present
-    namespace: openshift-ansible-service-broker
     resource_kind: cluster-role
     resource_name: admin
     user: "system:serviceaccount:openshift-ansible-service-broker:asb"
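Review bot: In the `Bind admin cluster-role to asb serviceaccount` task of the `@@ -83,13 +72,12 @@` hunk, nothing visible scopes the grant once `namespace` is dropped, so `resource_kind: cluster-role` with `resource_name: admin` reads as cluster-wide admin for the `asb` service account. If the broker needs that breadth, record the reason next to the task, for example `# asb is bound to admin cluster-wide on purpose; check for a narrower role before widening or copying this`. Otherwise a purpose-built role, like the `asb-access` one defined just above, would limit what the broker's token can reach. The task may continue past the end of the hunk, so later scoping, if any, is not visible here.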
@@ -97,7 +85,6 @@
 - name: Bind auth cluster role to asb service account
   oc_adm_policy_user:
     state: present
-    namespace: openshift-ansible-service-broker
     resource_kind: cluster-role
     resource_name: asb-auth
     user: "system:serviceaccount:openshift-ansible-service-broker:asb"
@@ -105,7 +92,6 @@
 - name: Bind asb-access role to asb-client service account
   oc_adm_policy_user:
     state: present
-    namespace: openshift-ansible-service-broker
     resource_kind: cluster-role
     resource_name: asb-access
     user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
@@ -128,6 +114,15 @@
             kubernetes.io/service-account.name: asb-client
         type: kubernetes.io/service-account-token
+- oc_secret:
+    state: list
+    namespace: openshift-ansible-service-broker
+    name: asb-client
+  register: asb_client_secret
+
+- set_fact:
+    service_ca_crt: asb_client_secret.results.results.0.data['service-ca.crt']
+
 # Using oc_obj because oc_service doesn't seem to allow annotations
 # TODO: Extend oc_service to allow annotations
 - name: create ansible-service-broker service
@@ -350,4 +345,4 @@
                 name: asb-client
                 namespace: openshift-ansible-service-broker
                 kind: Secret
-          caBundle: "{{ catalog_ca.content }}"
+          caBundle: "{{ service_ca_crt }}"
|
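Review bot: The new `set_fact` in the `@@ -128,6 +114,15 @@` hunk gives `service_ca_crt` a plain string because the value has no Jinja delimiters, so `caBundle: "{{ service_ca_crt }}"` in the last hunk would render the expression text rather than the CA taken from the secret. It should read `service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}"`. The lookup also runs directly after the `asb-client` token secret is created, and that secret's data is presumably populated asynchronously, so an `until:`/`retries:` guard on the `oc_secret` task would avoid reading it before `service-ca.crt` exists. Both new tasks are unnamed, and the registered result likely includes the service-account token, so a `name:` on each and `no_log: true` on the `oc_secret` task are worth adding.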
