---
- name: Create Controller service account
  oc_serviceaccount:
    name: kuryr-controller
    namespace: "{{ kuryr_namespace }}"
  register: saout

- name: Create a role for the Kuryr
  oc_clusterrole: "{{ kuryr_clusterrole }}"

- name: Fetch the created Kuryr controller cluster role
  oc_clusterrole:
    name: kuryrctl
    state: list
  register: crout

- name: Grant Kuryr the privileged security context constraints
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}"
    namespace: "{{ kuryr_namespace }}"
    resource_kind: scc
    resource_name: privileged
    state: present

- name: Assign role to Kuryr service account
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}"
    namespace: "{{ kuryr_namespace }}"
    resource_kind: cluster-role
    resource_name: "{{ crout.results.results.metadata.name }}"
    state: present