From 40ca512e39add508ee20c913efa71648fd5e2275 Mon Sep 17 00:00:00 2001
From: Brenton Leanhardt <bleanhar@redhat.com>
Date: Tue, 16 Feb 2016 10:14:10 -0500
Subject: Handle case where the user already had access to the scc

---
 roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'roles')

diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
index 628df4540..1efab9466 100644
--- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
+++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
@@ -26,9 +26,12 @@
 - name: Add security context constraint for {{ item }}
   lineinfile:
     dest: /tmp/openshift/scc.yaml
-    line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+    line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
     insertafter: "^users:$"
-  with_items: openshift_serviceaccounts_names
+  when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+  with_nested:
+  - openshift_serviceaccounts_names
+  - scc_test.results
 
 - name: Apply new scc rules for service accounts
   command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
-- 
cgit v1.2.1