diff options
author | Jordan Liggitt <jliggitt@redhat.com> | 2016-02-12 15:04:33 -0500 |
---|---|---|
committer | Jordan Liggitt <jliggitt@redhat.com> | 2016-02-12 15:04:33 -0500 |
commit | a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b (patch) | |
tree | 75680317a6d57c0da98c17de4564ba5b3f2c365e | |
parent | 6afdbf50e854feda5ccc6c7de55a9fa9ac22bf06 (diff) | |
download | openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.tar.gz openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.tar.bz2 openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.tar.xz openshift-a2c7847c6cd9df5d05ad7e94b6b1e72f33400b0b.zip |
Don't automatically give additional permissions to all OAuth users on upgrade
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 1 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 3f5c37dde..049ac997c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -501,6 +501,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 81dbba1e3..dbf746f12 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -109,6 +109,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm |