---

- name: ensure the node-bootstrap service account exists
  oc_serviceaccount:
    name: node-bootstrapper
    namespace: openshift-infra
    state: present
  run_once: true

- name: grant node-bootstrapper the correct permissions to bootstrap
  oc_adm_policy_user:
    namespace: openshift-infra
    user: system:serviceaccount:openshift-infra:node-bootstrapper
    resource_kind: cluster-role
    resource_name: system:node-bootstrapper
    state: present
  run_once: true

# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
  command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
  register: kubeconfig_out

- name: put service account kubeconfig into a file on disk for bootstrap
  copy:
    content: "{{ kubeconfig_out.stdout }}"
    dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"