From 397305469b91b3d987ccb30225c04bb773c5c07b Mon Sep 17 00:00:00 2001
From: deads2k <deads@redhat.com>
Date: Fri, 27 May 2016 15:10:25 -0400
Subject: [PATCH] let builders create new imagestreams for pushes

---
 pkg/cmd/server/bootstrappolicy/policy.go                   | 2 ++
 test/end-to-end/core.sh                                    | 2 ++
 test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml | 7 +++++++
 3 files changed, 11 insertions(+)

diff --git a/pkg/cmd/server/bootstrappolicy/policy.go b/pkg/cmd/server/bootstrappolicy/policy.go
index 79b70eee71fe..c4880761ada5 100644
--- a/pkg/cmd/server/bootstrappolicy/policy.go
+++ b/pkg/cmd/server/bootstrappolicy/policy.go
@@ -372,6 +372,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 			Rules: []authorizationapi.PolicyRule{
 				// push and pull images
 				authorizationapi.NewRule("get", "update").Groups(imageGroup).Resources("imagestreams/layers").RuleOrDie(),
+				// allow auto-provisioning when pushing an image that doesn't have an imagestream yet
+				authorizationapi.NewRule("create").Groups(imageGroup).Resources("imagestreams").RuleOrDie(),
 				authorizationapi.NewRule("update").Groups(buildGroup).Resources("builds/details").RuleOrDie(),
 			},
 		},
diff --git a/test/end-to-end/core.sh b/test/end-to-end/core.sh
index b72aa96b29fe..3a3b03f58e35 100755
--- a/test/end-to-end/core.sh
+++ b/test/end-to-end/core.sh
@@ -338,6 +338,8 @@ os::cmd::try_until_text 'oc get events -n node-selector' 'pod-with-node-name.+No
 
 # Image pruning
 echo "[INFO] Validating image pruning"
+# builder service account should have the power to create new image streams: prune in this case
+os::cmd::expect_success "docker login -u e2e-user -p $(oc sa get-token builder -n cache) -e builder@openshift.com ${DOCKER_REGISTRY}"
 os::cmd::expect_success 'docker pull busybox'
 os::cmd::expect_success 'docker pull gcr.io/google_containers/pause'
 os::cmd::expect_success 'docker pull openshift/hello-openshift'
diff --git a/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml b/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
index cdcdc0cd2697..9ac3ed67d801 100644
--- a/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
+++ b/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
@@ -1221,6 +1221,13 @@ items:
     verbs:
     - get
     - update
+  - apiGroups:
+    - ""
+    attributeRestrictions: null
+    resources:
+    - imagestreams
+    verbs:
+    - create
   - apiGroups:
     - ""
     attributeRestrictions: null