Hello I tried with view and cluster-admin too. No luck
Guess is the curl issue Ty! > El 19 oct 2017, a las 21:40, Luke Meyer <lme...@redhat.com> escribió: > > > >> On Thu, Oct 19, 2017 at 10:58 AM, Julio Saura <jsa...@hiberus.com> wrote: >> yes ofc >> >> oc create serviceaccount icinga -n project1 >> >> oadm policy add-cluster-role-to-user admin >> system:serviceaccounts:project1:icinga > > There is no cluster role "admin" (... by default anyway, you could of course > create one). > > You probably wanted `oc policy add-role-to-user admin ...` to make the user > an admin of the project. > > Unless you actually wanted them to be an admin of the entire cluster, in > which case the role is cluster-admin not admin. > > >> >> oadm policy reconcile-cluster-roles —confirm >> >> and then dump the token >> >> oc serviceaccounts get-token icing >> >> >> ty frederic! >> >> i do login with curl but i get >> >> { >> "kind": "Status", >> "apiVersion": "v1", >> "metadata": {}, >> "status": "Failure", >> "message": "User \"system:serviceaccount:project1:icinga\" cannot list >> replicationcontrollers in project \”project1\"", >> "reason": "Forbidden", >> "details": { >> "kind": "replicationcontrollers" >> }, >> "code": 403 >> } >> >> >> >> >> >>> El 19 oct 2017, a las 16:55, Frederic Giloux <fgil...@redhat.com> escribió: >>> >>> Hi Julio, >>> >>> Could you copy the commands you have used? >>> >>> Regards, >>> >>> Frédéric >>> >>>> On 19 Oct 2017 11:43, "Julio Saura" <jsa...@hiberus.com> wrote: >>>> Hello >>>> >>>> i am trying to create a sa for accessing rest api with token .. >>>> >>>> i have followed the doc steps >>>> >>>> creating the account, applying admin role to that account and getting the >>>> token >>>> >>>> trying to access replicacioncontroller info with bearer in curl, i can >>>> auth into but i get i have no permission to list rc on the project >>>> >>>> i also did a reconciliate role on cluster >>>> >>>> i also logged in with oc login passing token as parameter, i log in but it >>>> says i have no projects .. >>>> >>>> what else i am missing? >>>> >>>> ty >>>> >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> users@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >> _______________________________________________ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users