roles/openshift_management/tasks/accounts.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

---
# This role task file is responsible for user/system account creation,
# and ensuring correct access is provided as required.
- name: Ensure the CFME system accounts exist
  oc_serviceaccount:
    namespace: "{{ openshift_management_project }}"
    state: present
    name: "{{ __openshift_management_flavor_short }}{{ item.name }}"
  with_items:
    - "{{ __openshift_system_account_sccs }}"

- name: Ensure the CFME system accounts have all the required SCCs
  oc_adm_policy_user:
    namespace: "{{ openshift_management_project }}"
    user: "system:serviceaccount:{{ openshift_management_project }}:{{ __openshift_management_flavor_short }}{{ item.name }}"
    resource_kind: scc
    resource_name: "{{ item.resource_name }}"
  with_items:
    - "{{ __openshift_system_account_sccs }}"

- name: Ensure the CFME system accounts have the required roles
  oc_adm_policy_user:
    namespace: "{{ openshift_management_project }}"
    user: "system:serviceaccount:{{ openshift_management_project }}:{{ __openshift_management_flavor_short }}{{ item.name }}"
    resource_kind: role
    resource_name: "{{ item.resource_name }}"
  with_items:
    - "{{ __openshift_management_system_account_roles }}"