Hello
I tried with view and cluster-admin too. No luck
Guess is the curl issue
Ty!
> El 19 oct 2017, a las 21:40, Luke Meyer <lme...@redhat.com> escribió:
>
>
>
>> On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura <jsa...@hiberus.com> wrote:
>> yes ofc
>>
>> oc create serviceaccount icinga -n project1
>>
>> oadm policy add-cluster-role-to-user admin
>> system:serviceaccounts:project1:icinga
>
> There is no cluster role "admin" (... by default anyway, you could of course
> create one).
>
> You probably wanted `oc policy add-role-to-user admin ...` to make the user
> an admin of the project.
>
> Unless you actually wanted them to be an admin of the entire cluster, in
> which case the role is cluster-admin not admin.
>
>
>>
>> oadm policy reconcile-cluster-roles —confirm
>>
>> and then dump the token
>>
>> oc serviceaccounts get-token icing
>>
>>
>> ty frederic!
>>
>> i do login with curl but i get
>>
>> {
>> "kind": "Status",
>> "apiVersion": "v1",
>> "metadata": {},
>> "status": "Failure",
>> "message": "User \"system:serviceaccount:project1:icinga\" cannot list
>> replicationcontrollers in project \”project1\"",
>> "reason": "Forbidden",
>> "details": {
>> "kind": "replicationcontrollers"
>> },
>> "code": 403
>> }
>>
>>
>>
>>
>>
>>> El 19 oct 2017, a las 16:55, Frederic Giloux <fgil...@redhat.com> escribió:
>>>
>>> Hi Julio,
>>>
>>> Could you copy the commands you have used?
>>>
>>> Regards,
>>>
>>> Frédéric
>>>
>>>> On 19 Oct 2017 11:43, "Julio Saura" <jsa...@hiberus.com> wrote:
>>>> Hello
>>>>
>>>> i am trying to create a sa for accessing rest api with token ..
>>>>
>>>> i have followed the doc steps
>>>>
>>>> creating the account, applying admin role to that account and getting the
>>>> token
>>>>
>>>> trying to access replicacioncontroller info with bearer in curl, i can
>>>> auth into but i get i have no permission to list rc on the project
>>>>
>>>> i also did a reconciliate role on cluster
>>>>
>>>> i also logged in with oc login passing token as parameter, i log in but it
>>>> says i have no projects ..
>>>>
>>>> what else i am missing?
>>>>
>>>> ty
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users@lists.openshift.redhat.com
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>> _______________________________________________
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
