summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJordan Liggitt <jliggitt@redhat.com>2016-02-12 15:04:33 -0500
committerJordan Liggitt <jliggitt@redhat.com>2016-02-12 15:04:33 -0500
commita2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b (patch)
tree75680317a6d57c0da98c17de4564ba5b3f2c365e
parent6afdbf50e854feda5ccc6c7de55a9fa9ac22bf06 (diff)
downloadopenshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.tar.gz
openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.tar.bz2
openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.tar.xz
openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.zip
Don't automatically give additional permissions to all OAuth users on upgrade
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml1
2 files changed, 2 insertions, 0 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 3f5c37dde..049ac997c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -501,6 +501,7 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
index 81dbba1e3..dbf746f12 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
@@ -109,6 +109,7 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm