authorTim Bielawa <tbielawa@redhat.com>2017-09-15 17:18:22 -0400
committerTim Bielawa <tbielawa@redhat.com>2017-10-04 10:48:30 -0400
commit8e10c53974b4b87e483ed0dfec3946383aa071c7 (patch)
tree9d1cf76f6e563f9b47fd4f6c6b8bfaa0316ca884 /roles/openshift_cfme/tasks/accounts.yml
parent42d330a1cf2990fee39dab36250524ebfb303428 (diff)
Import upstream templates. Do the work. Validate parameters.
Diffstat (limited to 'roles/openshift_cfme/tasks/accounts.yml')
-rw-r--r--roles/openshift_cfme/tasks/accounts.yml51
1 files changed, 7 insertions, 44 deletions
diff --git a/roles/openshift_cfme/tasks/accounts.yml b/roles/openshift_cfme/tasks/accounts.yml
index 261e7858b..64976cd0e 100644
--- a/roles/openshift_cfme/tasks/accounts.yml
+++ b/roles/openshift_cfme/tasks/accounts.yml
@@ -1,65 +1,28 @@
---
# This role task file is responsible for user/system account creation,
# and ensuring correct access is provided as required.
-
-# TODO: This is currently not idempotent, bug report will be filed
-# after this. Currently this task will return 'changed' if it just
-# created a user, updated a user, or doesn't modify a user at
-# all. Seems to be failing some kind of 'does it need updating' test
-# condition and running the replace command regardless.
-- name: Check if the miq-httpd scc exists
- oc_obj:
- namespace: "{{ openshift_cfme_project }}"
- state: list
- kind: scc
- name: miq-httpd
- register: miq_httpd_scc_exists
-
-# TODO: Cleanup when conditions
-- name: Copy the miq-httpd SCC to the cluster
- copy:
- src: miq-scc-httpd.yaml
- dest: "{{ template_dir }}"
- when:
- - miq_httpd_scc_exists.results.results | length == 1
- - miq_httpd_scc_exists.results.results[0] == {}
-
-- name: Ensure the CFME miq-httpd SCC exists
- oc_obj:
- state: present
- name: miq-httpd
- namespace: "{{ openshift_cfme_project }}"
- kind: scc
- files:
- - "{{ template_dir }}/miq-scc-httpd.yaml"
- delete_after: True
- run_once: True
- when:
- - miq_httpd_scc_exists.results.results | length == 1
- - miq_httpd_scc_exists.results.results[0] == {}
-
-- name: Ensure the CFME system users exist
+- name: Ensure the CFME system accounts exist
oc_serviceaccount:
namespace: "{{ openshift_cfme_project }}"
state: present
- name: "{{ item.name }}"
+ name: "{{ openshift_cfme_flavor_short }}{{ item.name }}"
with_items:
- - "{{ openshift_system_account_sccs }}"
+ - "{{ __openshift_system_account_sccs }}"
- name: Ensure the CFME system accounts have all the required SCCs
oc_adm_policy_user:
namespace: "{{ openshift_cfme_project }}"
- user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ item.name }}"
+ user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ openshift_cfme_flavor_short }}{{ item.name }}"
resource_kind: scc
resource_name: "{{ item.resource_name }}"
with_items:
- - "{{ openshift_system_account_sccs }}"
+ - "{{ __openshift_system_account_sccs }}"
- name: Ensure the CFME system accounts have the required roles
oc_adm_policy_user:
namespace: "{{ openshift_cfme_project }}"
- user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ item.name }}"
+ user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ openshift_cfme_flavor_short }}{{ item.name }}"
resource_kind: role
resource_name: "{{ item.resource_name }}"
with_items:
- - "{{ openshift_cfme_system_account_roles }}"
+ - "{{ __openshift_cfme_system_account_roles }}"
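Review bot: The SCC grant task (`resource_kind: scc`) now binds whatever `__openshift_system_account_sccs` lists to `{{ openshift_cfme_flavor_short }}{{ item.name }}`, yet that list is defined outside this file and the tasks that created the custom `miq-httpd` SCC are removed in the same hunk. Nothing visible here shows which SCCs each account receives, or that every SCC the list names still exists on the cluster. I would add a comment above that task such as `# SCCs granted per account come from __openshift_system_account_sccs; keep each entry to the least-privileged SCC the pod needs`, and confirm the list no longer references `miq-httpd`. The prefixed account name is also composed separately in all three tasks, and the two policy tasks pass it as a plain `user:` string. If those expressions ever drift, the grant would presumably land on a name the first task never created, so building the name once (for example as a field of each list item) would be safer.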