Proposes changes to service-catalog to facilitate controlling access to certain services and plans.
Not all services and plans should be available to all users. The existing cluster-scoped resources for brokers, services, and plans are not sufficient to implement access control to ensure that users have access only to the service and plans that they should.
Proposes changes to service-catalog to facilitate controlling access to certain services and plans.
Not all services and plans should be available to all users. The existing cluster-scoped resources for brokers, services, and plans are not sufficient to implement access control to ensure that users have access only to the service and plans that they should.
I hereby claim:
To claim this, I am signing this object:
| oc create -n ansible-service-broker -f https://raw.githubusercontent.com/eriknelson/ansible-playbook-bundle/644cd7cb5faa74dfd7cf482ef0fda7523a676f93/templates/openshift-permissions.template.yaml |
| handler/io.go:54: // TODO: ke.StatusError import is not working, compiler thinks ke.StatusError is undefined... | |
| clients/etcd.go:110: // TODO: Config validation | |
| clients/etcd.go:149: // TODO: Determine if transport needs optimization | |
| clients/zz_generated.deepcopy.go:3:// TODO: We need to remove this file by using the openshift api client. | |
| handler/handler.go:62:// TODO: implement asynchronous operations | |
| handler/handler.go:75: // TODO: determine what to do with the Principal. We don't really have a | |
| handler/handler.go:177: // TODO: Reintroduce router restriction based on API version when settled upstream | |
| handler/handler.go:234: // TODO: typically the methods on the broker return a response this | |
| broker/types.go:240:// TODO: What belongs on this thing? | |
| broker/broker.go:85: // TODO: consider returning a struct + error |
| -- Starting profile 'minishift' | |
| -- Checking if requested hypervisor 'kvm' is supported on this platform ... OK | |
| -- Checking if KVM driver is installed ... | |
| Driver is available at /usr/bin/docker-machine-driver-kvm ... | |
| Checking driver binary is executable ... OK | |
| -- Checking if Libvirt is installed ... OK | |
| -- Checking if Libvirt default network is present ... OK | |
| -- Checking if Libvirt default network is active ... OK | |
| -- Checking the ISO URL ... OK | |
| -- Starting local OpenShift cluster using 'kvm' hypervisor ... |
| The push refers to a repository [registry-access-default.192.168.42.180.nip.io:443/openshift/my-apb02] | |
| 26bb2141e8c4: Preparing | |
| 2607b7fea482: Preparing | |
| 30d5462c686c: Preparing | |
| ee36ec21785d: Preparing | |
| 40bdc0d41db4: Preparing | |
| db7d691740b2: Preparing | |
| b362758f4793: Preparing | |
| db7d691740b2: Waiting | |
| b362758f4793: Waiting |
| [root@host-172-16-120-150 ~]# cat /etc/sysconfig/docker | |
| # /etc/sysconfig/docker | |
| # Modify these options if you want to change the way the docker daemon runs | |
| OPTIONS=' --selinux-enabled --insecure-registry=172.30.0.0/16 --log-driver=journald --signature-verification=False' | |
| if [ -z "${DOCKER_CERT_PATH}" ]; then | |
| DOCKER_CERT_PATH=/etc/docker | |
| fi | |
| # Do not add registries in this file anymore. Use /etc/containers/registries.conf |
| {"version":1,"resource":"file:///git/backupr/scripts/ci/deep_int_test.py","entries":[{"id":"J3km.py","timestamp":1681534606443},{"id":"yP4f.py","timestamp":1681534660886},{"id":"9jF4.py","timestamp":1681534707110},{"id":"Iihf.py","timestamp":1681534734046},{"id":"w5Nk.py","timestamp":1681534746260}]} |
| --- | |
| - hosts: localhost | |
| roles: | |
| - ansible.kubernetes-modules | |
| vars: | |
| interface: eth1 | |
| ip: "{{ hostvars[inventory_hostname]['ansible_' + interface]['ipv4']['address'] }}" | |
| hostname: "{{ ip }}.nip.io" | |
| tasks: |
