author | Tim Bielawa <tbielawa@redhat.com> | 2017-09-06 15:11:55 -0400 |
---|---|---|
committer | Tim Bielawa <tbielawa@redhat.com> | 2017-10-04 10:48:30 -0400 |
commit | 42d330a1cf2990fee39dab36250524ebfb303428 (patch) | |
tree | c285407cbcbb32ee0ed292e98dfdc428db5dc52e /roles/openshift_cfme/tasks/accounts.yml | |
parent | a0ba7b469776f7a141d2bb0f26f51e3f1c4b268a (diff) | |
CFME 4.6 work begins. CFME 4.5 references added to the release-3.6 branch
Diffstat (limited to 'roles/openshift_cfme/tasks/accounts.yml')
-rw-r--r-- | roles/openshift_cfme/tasks/accounts.yml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/roles/openshift_cfme/tasks/accounts.yml b/roles/openshift_cfme/tasks/accounts.yml
new file mode 100644
index 000000000..261e7858b
--- /dev/null
+++ b/roles/openshift_cfme/tasks/accounts.yml
@@ -0,0 +1,65 @@
+---
+# This role task file is responsible for user/system account creation,
+# and ensuring correct access is provided as required.
+
+# TODO: This is currently not idempotent, bug report will be filed
+# after this. Currently this task will return 'changed' if it just
+# created a user, updated a user, or doesn't modify a user at
+# all. Seems to be failing some kind of 'does it need updating' test
+# condition and running the replace command regardless.
+- name: Check if the miq-httpd scc exists
+ oc_obj:
+ namespace: "{{ openshift_cfme_project }}"
+ state: list
+ kind: scc
+ name: miq-httpd
+ register: miq_httpd_scc_exists
+
+# TODO: Cleanup when conditions
+- name: Copy the miq-httpd SCC to the cluster
+ copy:
+ src: miq-scc-httpd.yaml
+ dest: "{{ template_dir }}"
+ when:
+ - miq_httpd_scc_exists.results.results | length == 1
+ - miq_httpd_scc_exists.results.results[0] == {}
+
+- name: Ensure the CFME miq-httpd SCC exists
+ oc_obj:
+ state: present
+ name: miq-httpd
+ namespace: "{{ openshift_cfme_project }}"
+ kind: scc
+ files:
+ - "{{ template_dir }}/miq-scc-httpd.yaml"
+ delete_after: True
+ run_once: True
+ when:
+ - miq_httpd_scc_exists.results.results | length == 1
+ - miq_httpd_scc_exists.results.results[0] == {}
+
+- name: Ensure the CFME system users exist
+ oc_serviceaccount:
+ namespace: "{{ openshift_cfme_project }}"
+ state: present
+ name: "{{ item.name }}"
+ with_items:
+ - "{{ openshift_system_account_sccs }}"
+
+- name: Ensure the CFME system accounts have all the required SCCs
+ oc_adm_policy_user:
+ namespace: "{{ openshift_cfme_project }}"
+ user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ item.name }}"
+ resource_kind: scc
+ resource_name: "{{ item.resource_name }}"
+ with_items:
+ - "{{ openshift_system_account_sccs }}"
+
+- name: Ensure the CFME system accounts have the required roles
+ oc_adm_policy_user:
+ namespace: "{{ openshift_cfme_project }}"
+ user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ item.name }}"
+ resource_kind: role
+ resource_name: "{{ item.resource_name }}"
+ with_items:
+ - "{{ openshift_cfme_system_account_roles }}" |
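Review bot: The SCC-granting task loops over `openshift_system_account_sccs`, which lacks the `cfme` prefix that the role list `openshift_cfme_system_account_roles` carries, so an inventory or another role that defines the same generic name could change which security context constraints these service accounts receive. Because SCCs are cluster-scoped and decide what pods running as these accounts are allowed to do, I would rename it to `openshift_cfme_system_account_sccs` (also in the "Ensure the CFME system users exist" task) and add a comment such as `# Each entry: name = service account, resource_name = SCC granted; keep to the minimum the pod needs`. Both lists are defined outside this file, so whether any entry grants a broad SCC cannot be judged from this hunk. Separately, the idempotency TODO at the top sits above the SCC lookup rather than the account tasks it appears to describe; moving it next to `oc_serviceaccount` would make it easier to act on.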