Update openshift role to use namespace-local roles

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-03-09 22:53:23 +01:00 · 2018-03-09 22:53:23 +01:00 · 78ff12f828
commit 78ff12f828
parent aaa694f7e4
2 changed files with 9 additions and 0 deletions
--- a/roles/openshift/project/templates/appowners.yml
+++ b/roles/openshift/project/templates/appowners.yml
@ -5,6 +5,10 @@ metadata:
  name: appowners
 roleRef:
  name: appowner
+{% if env == "staging" %}
+  # See note in role-appowners.yml
+  namespace: "{{app}}"
+{% endif %}
 userNames:
 {% for owner in appowners %}
 - {{ owner }}
--- a/roles/openshift/project/templates/role-appowners.yml
+++ b/roles/openshift/project/templates/role-appowners.yml
@ -1,11 +1,16 @@
 apiVersion: v1
+{% if env == "staging" %}
+kind: Role
+{% else %}
 # Namespace-local roles did not work until openshift 3.6
 # https://github.com/openshift/origin/issues/14078
 kind: ClusterRole
+{% endif %}
 metadata:
  annotations:
    openshift.io/description: An application owner. Can view everything but ConfigMaps.
  name: appowner
+  namespace: "{{ app }}"
 rules:
 - apiGroups:
  - ""