From 61be9961c467758264519058369bd2a589c10e94 Mon Sep 17 00:00:00 2001
From: ewolinetz
Date: Fri, 14 Jul 2017 09:00:39 -0500
Subject: Adding in permissions to edit and admin cluster roles
---
 roles/openshift_service_catalog/tasks/install.yml | 34 +++++++++++++++++++++++
 1 file changed, 34 insertions(+)
(limited to 'roles/openshift_service_catalog/tasks/install.yml')
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index 1f9ecc2b8..de7511f71 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -66,6 +66,40 @@
 template_name: kube-system-service-catalog
 namespace: kube-system
+- oc_obj:
+ name: edit
+ kind: clusterrole
+ state: list
+ register: edit_yaml
+
+- name: Generate apply template for clusterrole/edit
+ template:
+ src: sc_role_patching.j2
+ dest: "{{ mktemp.stdout }}/edit_sc_patch.yml"
+ vars:
+ original_content: "{{ edit_yaml.results.results[0] | to_yaml }}"
+
+- name: update edit role for service catalog and pod preset access
+ command: >
+ oc apply -f {{ mktemp.stdout }}/edit_sc_patch.yml
+
+- oc_obj:
+ name: admin
+ kind: clusterrole
+ state: list
+ register: admin_yaml
+
+- name: Generate apply template for clusterrole/admin
+ template:
+ src: sc_role_patching.j2
+ dest: "{{ mktemp.stdout }}/admin_sc_patch.yml"
+ vars:
+ original_content: "{{ admin_yaml.results.results[0] | to_yaml }}"
+
+- name: update admin role for service catalog and pod preset access
+ command: >
+ oc apply -f {{ mktemp.stdout }}/admin_sc_patch.yml
+
 - shell: >
 oc get policybindings/kube-system:default -n kube-system || echo "not found"
 register: get_kube_system
--
cgit v1.2.3
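Review bot: The two `oc apply` steps write back a full copy of the built-in `edit` and `admin` cluster roles rendered from `results.results[0]` of a lookup that is never checked, so a failed or empty `oc_obj` list would feed malformed content into cluster-wide RBAC, and any change made to the role between the read and the apply is overwritten. Each lookup should fail closed, for example `failed_when: edit_yaml.results.results | length == 0` (and the same for `admin_yaml`). The rules being added live in `sc_role_patching.j2`, which is not part of this diff, so a comment above these tasks such as `# Grants service catalog and pod preset access to every subject bound to edit/admin` would make the widened scope visible to the next reader. The `command` tasks also report changed on every run and the `oc_obj` tasks have no `name`; a `changed_when` on a registered result and names like `- name: Fetch clusterrole/edit` would fix both.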