From 40ca512e39add508ee20c913efa71648fd5e2275 Mon Sep 17 00:00:00 2001
From: Brenton Leanhardt
Date: Tue, 16 Feb 2016 10:14:10 -0500
Subject: Handle case where the user already had access to the scc
---
 roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
index 628df4540..1efab9466 100644
--- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
+++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
@@ -26,9 +26,12 @@
 - name: Add security context constraint for {{ item }}
 lineinfile:
 dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
 insertafter: "^users:$"
- with_items: openshift_serviceaccounts_names
+ when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+ with_nested:
+ - openshift_serviceaccounts_names
+ - scc_test.results
 - name: Apply new scc rules for service accounts
 command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
-- 
cgit v1.2.3
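Review bot: The added `when:` on the lineinfile task splices `{{ ... }}` into the conditional, so the namespace, the account name and the `users` list parsed from the registered stdout are rendered to text and then evaluated a second time as an expression; a value carrying a quote or template syntax would change the condition, and an scc without a `users` key would likely make it error instead of evaluating to false. Referencing the variables directly avoids the second evaluation: `when: item.1.rc == 0 and ('system:serviceaccount:' ~ openshift_serviceaccounts_namespace ~ ':' ~ item.0) not in ((item.1.stdout | from_yaml).users | default([], true))`. The task name still renders `{{ item }}`, which is now the whole name/result pair, so `{{ item.0 }}` would keep the log readable and keep the registered command output out of it. `with_nested` pairs every account name with every entry of `scc_test.results`; the task that registers `scc_test` is outside this hunk, so it is worth confirming that the list holds exactly one result.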