Browse Source

Make cluster-config rbac compatible for kubebernetes

The user admin needs to have system:master in the organization
and needs to be named admin.

Closes-Bug: #1689849
Change-Id: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
tags/2.10.0
Spyros Trigazis 1 year ago
parent
commit
2d5efb2e4d
1 changed files with 9 additions and 7 deletions
  1. 9
    7
      magnumclient/common/utils.py

+ 9
- 7
magnumclient/common/utils.py View File

@@ -193,13 +193,13 @@ def _config_cluster_kubernetes(cluster, cluster_template,
193 193
                "contexts:\n"
194 194
                "- context:\n"
195 195
                "    cluster: %(name)s\n"
196
-               "    user: %(name)s\n"
197
-               "  name: %(name)s\n"
198
-               "current-context: %(name)s\n"
196
+               "    user: admin\n"
197
+               "  name: default\n"
198
+               "current-context: default\n"
199 199
                "kind: Config\n"
200 200
                "preferences: {}\n"
201 201
                "users:\n"
202
-               "- name: %(name)s\n"
202
+               "- name: admin\n"
203 203
                "  user:\n"
204 204
                "    client-certificate: %(cfg_dir)s/cert.pem\n"
205 205
                "    client-key: %(cfg_dir)s/key.pem\n"
@@ -249,9 +249,11 @@ def generate_csr_and_key():
249 249
         key_size=2048,
250 250
         backend=default_backend())
251 251
 
252
-    csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
253
-        x509.NameAttribute(NameOID.COMMON_NAME, u"Magnum User"),
254
-    ])).sign(key, hashes.SHA256(), default_backend())
252
+    csr = x509.CertificateSigningRequestBuilder().subject_name(
253
+        x509.Name([
254
+            x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
255
+            x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"system:masters")
256
+        ])).sign(key, hashes.SHA256(), default_backend())
255 257
 
256 258
     result = {
257 259
         'csr': csr.public_bytes(

Loading…
Cancel
Save