k8s_v1beta1_cluster_role_binding: role_ref_name is overwritten by object name #115

@echupriyanov

Hi, I'm trying to create a ClusterRoleBinding using ansible-kubernetes-modules via the following Ansible specification:

  - name: Grant permissions to GitLab Runner SA
    k8s_v1beta1_cluster_role_binding:
      state: present
      name: gitlab-runner2
      role_ref_api_group: rbac.authorization.k8s.io
      role_ref_kind: ClusterRole
      role_ref_name: cluster-admin
      subjects:
        - kind: ServiceAccount
          name: gitlab-runner
          namespace: "{{gitlab_ns}}"

As a result, I expect the ServiceAccount gitlab-runner to be bound to the ClusterRole cluster-admin.
But instead, I'm getting:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: 2017-11-05T12:02:14Z
  name: gitlab-runner2
  resourceVersion: "2589558"
  selfLink: /apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings/gitlab-runner2
  uid: 29a5405b-c221-11e7-acf9-0ea794e93120
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gitlab-runner2
subjects:
- kind: ServiceAccount
  name: gitlab-runner
  namespace: default

I suspect this happens because role_ref_name has the alias name, and is therefore overwritten by the top-level name field.

Also, if I use resource_definition to specify the ClusterRoleBinding like this:

  - name: Grant permissions to GitLab Runner SA
    k8s_v1beta1_cluster_role_binding:
      state: present
      name: gitlab-runner2
      resource_definition:
        apiVersion: rbac.authorization.k8s.io/v1beta1
        kind: ClusterRoleBinding
        metadata:
          name: gitlab-runner2
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: cluster-admin
        subjects:
        - kind: ServiceAccount
          name: gitlab-runner
          namespace: default

I'm getting the following error:

TASK [cbr : Grant permissions to GitLab Runner SA] ****************************************************
Sunday 05 November 2017  15:12:33 +0300 (0:00:03.580)       0:00:03.637 ******* 
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Error parsing resource definition. Encountered roleRef_api_group, which does not map to a module parameter. If this looks like a problem with the module, please open an issue at github.com/openshift/openshift-restclient-python/issues"}
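Added example, not part of the original issue and not the module's own code: a Python sketch of two checks for the symptom reported above. `alias_collisions` lints an Ansible-style argument spec for an alias that shadows another parameter, and `role_ref_drift` compares the task's `role_ref_*` parameters with the `roleRef` that was actually applied. `SUSPECTED_SPEC` is a hypothetical spec that models the reporter's suspicion, and both function names are assumptions.

```python
import json

# Hypothetical argument spec modelling the reporter's suspicion. It is NOT
# the module's real spec. Ansible specs list alternate names under "aliases".
SUSPECTED_SPEC = {
    "name": {"type": "str"},
    "role_ref_api_group": {"type": "str"},
    "role_ref_kind": {"type": "str"},
    "role_ref_name": {"type": "str", "aliases": ["name"]},
}

def alias_collisions(spec):
    """List (alias, owner, clashes_with) for aliases that shadow another
    parameter's name or alias, so one task key can feed two parameters."""
    seen = {param: param for param in spec}  # accepted key -> owning parameter
    hits = []
    for param, opts in sorted(spec.items()):
        for alias in opts.get("aliases", []):
            if seen.get(alias, param) != param:
                hits.append((alias, param, seen[alias]))
            seen.setdefault(alias, param)
    return hits

# Task parameters and resulting object, both copied (trimmed) from the issue.
TASK_ARGS = {
    "name": "gitlab-runner2",
    "role_ref_api_group": "rbac.authorization.k8s.io",
    "role_ref_kind": "ClusterRole",
    "role_ref_name": "cluster-admin",
}
APPLIED = json.loads("""
{"kind": "ClusterRoleBinding",
 "metadata": {"name": "gitlab-runner2"},
 "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
             "kind": "ClusterRole", "name": "gitlab-runner2"}}
""")

def role_ref_drift(task_args, applied):
    """Return {field: (wanted, got)} where the applied roleRef differs from
    the task's role_ref_* parameters. Empty dict means they agree."""
    want = {"apiGroup": task_args["role_ref_api_group"],
            "kind": task_args["role_ref_kind"],
            "name": task_args["role_ref_name"]}
    got = applied.get("roleRef") or {}
    return {k: (v, got.get(k)) for k, v in want.items() if got.get(k) != v}

if __name__ == "__main__":
    print("alias collisions:", alias_collisions(SUSPECTED_SPEC))
    print("roleRef drift:", role_ref_drift(TASK_ARGS, APPLIED))
```

Running the drift check against the applied object after an RBAC task catches a binding that points at a different role than the playbook requested, even though the task itself reported success.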
