rbac.yml
---
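# Create the demo catalog-admin group through the RBAC API using HTTP basic
# auth. `username` and `password` are supplied as variables; keep their values
# in an encrypted store (for example Ansible Vault), not in plain vars files.
- name: Create catalog admin group
  uri:
    url: https://cloud.redhat.com/api/rbac/v1/groups/
    user: "{{ username }}"
    password: "{{ password }}"
    force_basic_auth: true
    method: POST
    headers:
      accept: "application/json"
    body_format: json
    body:
      name: "{{ catalog_admin_group }}"
      description: "A group of catalog admins created for demo purposes"
  register: createGroup
  # Only a 201 response means a group was actually created.
  changed_when: "createGroup.status == 201"
  # Conditions listed under failed_when are AND-ed, so a single status can
  # never satisfy several equality tests at once and auth/server errors would
  # pass silently. A membership test fails the task on any of these codes.
  # NOTE(review): every other status (including a failed connection) is still
  # accepted - confirm which code the API returns for an already-existing
  # group and consider an allow-list of expected codes instead.
  failed_when: "createGroup.status in [401, 403, 500]"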
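# Look up the group created above so later tasks can use its uuid.
# The name filter is built from `catalog_admin_group` (URL-encoded), the same
# variable the create task uses, so the lookup cannot drift to a different
# group when the variable is changed.
# NOTE(review): later tasks grant an administrator role to data[0] of this
# response. If the API's name filter is a partial match, another group whose
# name contains this string could be returned first - confirm, and compare the
# returned name with `catalog_admin_group` before granting anything.
- name: Get {{ catalog_admin_group }}
  uri:
    url: "https://cloud.redhat.com/api/rbac/v1/groups/?limit=1&name={{ catalog_admin_group | urlencode }}&scope=account"
    user: "{{ username }}"
    password: "{{ password }}"
    force_basic_auth: true
    method: GET
    headers:
      accept: "application/json"
  register: adminGroup
  # Fail here, with a clear cause, when the lookup errors or finds no group,
  # rather than at the first data[0] dereference in a later task.
  failed_when: "adminGroup.status != 200 or (adminGroup.json.data | default([]) | length) == 0"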
# Look up the role that will be attached to the admin group; the response is
# stored in `catalogAdminRole`.
# NOTE(review): the query allows up to 10 matches (limit=10) while the
# role-assignment task reads only data[0] - confirm the name filter cannot
# put a different role first in the result.
- name: 'Get "Catalog Administrators" role'
  uri:
    method: GET
    url: 'https://cloud.redhat.com/api/rbac/v1/roles/?limit=10&name=Catalog%20Administrator&scope=account&add_fields=groups_in'
    force_basic_auth: true
    user: '{{ username }}'
    password: '{{ password }}'
    headers:
      accept: application/json
  register: catalogAdminRole
# Attach the role found by the role lookup to the group found by the group
# lookup; the response is stored in `addRole`.
# NOTE(review): both uuids are taken from data[0] of the earlier responses
# without checking that the entries are the intended group and role - this is
# the step that grants privileges, so verify the lookups before it runs.
- name: 'Add "Catalog Administrators" role to {{ catalog_admin_group }}'
  uri:
    method: POST
    url: 'https://cloud.redhat.com/api/rbac/v1/groups/{{ adminGroup.json.data[0].uuid }}/roles/'
    force_basic_auth: true
    user: '{{ username }}'
    password: '{{ password }}'
    headers:
      accept: application/json
    body_format: json
    body:
      roles: ['{{ catalogAdminRole.json.data[0].uuid }}']
  register: addRole
# Add a principal to the admin group. The principal is `username`, the same
# account whose credentials authenticate this request, so the calling user
# ends up a member of the group that holds the administrator role.
# The group uuid comes from data[0] of the earlier group lookup.
- name: 'Add {{ username }} to {{ catalog_admin_group }}'
  uri:
    method: POST
    url: 'https://cloud.redhat.com/api/rbac/v1/groups/{{ adminGroup.json.data[0].uuid }}/principals/'
    force_basic_auth: true
    user: '{{ username }}'
    password: '{{ password }}'
    headers:
      accept: application/json
    body_format: json
    body:
      principals:
        - username: '{{ username }}'