diff options
Diffstat (limited to 'roles/openshift_serviceaccounts/tasks')
-rw-r--r-- | roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml | 38 | ||||
-rw-r--r-- | roles/openshift_serviceaccounts/tasks/main.yml | 28 |
2 files changed, 0 insertions, 66 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml deleted file mode 100644 index b8cbe9a84..000000000 --- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -#### -# -# OSE 3.0.z did not have 'oadm policy add-scc-to-user'. -# -#### - -- name: tmp dir for openshift - file: - path: /tmp/openshift - state: directory - owner: root - mode: 0700 - -- name: Create service account configs - template: - src: serviceaccount.j2 - dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" - with_items: '{{ openshift_serviceaccounts_names }}' - -- name: Get current security context constraints - shell: > - {{ openshift.common.client_binary }} get scc privileged -o yaml - --output-version=v1 > /tmp/openshift/scc.yaml - changed_when: false - -- name: Add security context constraint for {{ item }} - lineinfile: - dest: /tmp/openshift/scc.yaml - line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}" - insertafter: "^users:$" - when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}" - with_nested: - - '{{ openshift_serviceaccounts_names }}' - - '{{ scc_test.results }}' - -- name: Apply new scc rules for service accounts - command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml deleted file mode 100644 index 1d570fa5b..000000000 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: create the service account - oc_serviceaccount: - name: "{{ item }}" - namespace: "{{ openshift_serviceaccounts_namespace }}" - state: present - with_items: - - "{{ openshift_serviceaccounts_names }}" - -- name: test if scc needs to be updated - command: > - {{ openshift.common.client_binary }} get scc {{ item }} -o yaml - changed_when: false - failed_when: false - register: scc_test - with_items: "{{ openshift_serviceaccounts_sccs }}" - -- name: Grant the user access to the appropriate scc - command: > - {{ openshift.common.client_binary }} adm policy add-scc-to-user - {{ item.1.item }} system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }} - when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users | default([]) }}" - with_nested: - - "{{ openshift_serviceaccounts_names }}" - - "{{ scc_test.results }}" - -- include: legacy_add_scc_to_user.yml - when: not openshift.common.version_gte_3_1_or_1_1 |