summaryrefslogtreecommitdiffstats
path: root/roles/openshift_serviceaccounts
diff options
context:
space:
mode:
authorBrenton Leanhardt <bleanhar@redhat.com>2016-02-16 10:14:34 -0500
committerBrenton Leanhardt <bleanhar@redhat.com>2016-02-16 10:51:03 -0500
commit4e6297c8d99b0ef38bdc3375b14107cf21754348 (patch)
treee788a037d0fc2185c906142af4d6801863182fdc /roles/openshift_serviceaccounts
parentea215cdd994717a4c07e4610e4c8b836a5b98b35 (diff)
downloadopenshift-4e6297c8d99b0ef38bdc3375b14107cf21754348.tar.gz
openshift-4e6297c8d99b0ef38bdc3375b14107cf21754348.tar.bz2
openshift-4e6297c8d99b0ef38bdc3375b14107cf21754348.tar.xz
openshift-4e6297c8d99b0ef38bdc3375b14107cf21754348.zip
Refactoring the add-scc-to-user logic
Diffstat (limited to 'roles/openshift_serviceaccounts')
-rw-r--r--roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml34
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml39
2 files changed, 35 insertions, 38 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
new file mode 100644
index 000000000..628df4540
--- /dev/null
+++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
@@ -0,0 +1,34 @@
+####
+#
+# OSE 3.0.z did not have 'oadm policy add-scc-to-user'.
+#
+####
+
+- name: tmp dir for openshift
+ file:
+ path: /tmp/openshift
+ state: directory
+ owner: root
+ mode: 700
+
+- name: Create service account configs
+ template:
+ src: serviceaccount.j2
+ dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
+ with_items: openshift_serviceaccounts_names
+
+- name: Get current security context constraints
+ shell: >
+ {{ openshift.common.client_binary }} get scc privileged -o yaml
+ --output-version=v1 > /tmp/openshift/scc.yaml
+ changed_when: false
+
+- name: Add security context constraint for {{ item }}
+ lineinfile:
+ dest: /tmp/openshift/scc.yaml
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+ insertafter: "^users:$"
+ with_items: openshift_serviceaccounts_names
+
+- name: Apply new scc rules for service accounts
+ command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 89d9e3aa7..f34fa7b74 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -32,42 +32,5 @@
- openshift_serviceaccounts_names
- scc_test.results
-####
-#
-# Support for 3.0.z
-#
-####
-
-- name: tmp dir for openshift
- file:
- path: /tmp/openshift
- state: directory
- owner: root
- mode: 700
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Create service account configs
- template:
- src: serviceaccount.j2
- dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: openshift_serviceaccounts_names
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Get current security context constraints
- shell: >
- {{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/openshift/scc.yaml
- changed_when: false
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Add security context constraint for {{ item }}
- lineinfile:
- dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
- insertafter: "^users:$"
- with_items: openshift_serviceaccounts_names
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+- include: legacy_add_scc_to_user.yml
when: not openshift.common.version_gte_3_1_or_1_1