From 650149e1fa1e631775aac5ced9b22e03b3090f33 Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Mon, 17 Jul 2017 10:02:32 -0500
Subject: Updating to use oc replace and conditionally update edit and admin
 roles

---
 roles/openshift_service_catalog/tasks/install.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'roles/openshift_service_catalog')

diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index de7511f71..98a13a462 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -72,16 +72,22 @@
     state: list
   register: edit_yaml
 
+# only do this if we don't already have the updated role info
 - name: Generate apply template for clusterrole/edit
   template:
     src: sc_role_patching.j2
     dest: "{{ mktemp.stdout }}/edit_sc_patch.yml"
   vars:
     original_content: "{{ edit_yaml.results.results[0] | to_yaml }}"
+  when:
+  - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
+# only do this if we don't already have the updated role info
 - name: update edit role for service catalog and pod preset access
   command: >
-    oc apply -f {{ mktemp.stdout }}/edit_sc_patch.yml
+    oc replace -f {{ mktemp.stdout }}/edit_sc_patch.yml
+  when:
+  - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
 - oc_obj:
     name: admin
@@ -89,16 +95,22 @@
     state: list
   register: admin_yaml
 
+# only do this if we don't already have the updated role info
 - name: Generate apply template for clusterrole/admin
   template:
     src: sc_role_patching.j2
     dest: "{{ mktemp.stdout }}/admin_sc_patch.yml"
   vars:
     original_content: "{{ admin_yaml.results.results[0] | to_yaml }}"
+  when:
+  - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
+# only do this if we don't already have the updated role info
 - name: update admin role for service catalog and pod preset access
   command: >
-    oc apply -f {{ mktemp.stdout }}/admin_sc_patch.yml
+    oc replace -f {{ mktemp.stdout }}/admin_sc_patch.yml
+  when:
+  - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
 - shell: >
     oc get policybindings/kube-system:default -n kube-system || echo "not found"
-- 
cgit v1.2.1