author | Diego Castro <spinolacastro@gmail.com> | 2015-10-22 16:22:43 -0300 |
---|---|---|
committer | Diego Castro <spinolacastro@gmail.com> | 2015-10-22 16:22:43 -0300 |
commit | f559eb3146c65a6ec58f0fed3eb2d1124c1314c7 (patch) | |
tree | 24975a7a87568784b88252bc70d14f7b302670b0 /roles/openshift_serviceaccounts | |
parent | 8468d25fae71c80277c10ad975641cb1ba230fd8 (diff) | |
parent | e6d426fddd79c08452195cd32286bb600f62d51d (diff) | |
fix merge conflicts
Diffstat (limited to 'roles/openshift_serviceaccounts')
-rw-r--r-- | roles/openshift_serviceaccounts/tasks/main.yml | 26 | ||||
-rw-r--r-- | roles/openshift_serviceaccounts/templates/serviceaccount.j2 | 4 |
2 files changed, 30 insertions, 0 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
new file mode 100644
index 000000000..d93a25a21
--- /dev/null
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Create service account configs
+ template:
+ src: serviceaccount.j2
+ dest: "/tmp/{{ item }}-serviceaccount.yaml"
+ with_items: accounts
+
+- name: Create {{ item }} service account
+ command: >
+ {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml"
+ with_items: accounts
+ register: _sa_result
+ failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0"
+ changed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc == 0"
+
+- name: Get current security context constraints
+ shell: "{{ openshift.common.client_binary }} get scc privileged -o yaml > /tmp/scc.yaml"
+
+- name: Add security context constraint for {{ item }}
+ lineinfile:
+ dest: /tmp/scc.yaml
+ line: "- system:serviceaccount:default:{{ item }}"
+ insertafter: "^users:$"
+ with_items: accounts
+
+- name: Apply new scc rules for service accounts
+ command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml"
diff --git a/roles/openshift_serviceaccounts/templates/serviceaccount.j2 b/roles/openshift_serviceaccounts/templates/serviceaccount.j2
new file mode 100644
index 000000000..931e249f9
--- /dev/null
+++ b/roles/openshift_serviceaccounts/templates/serviceaccount.j2
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ item }} |
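Review bot: The tasks in roles/openshift_serviceaccounts/tasks/main.yml stage their manifests at fixed, guessable paths in the world-writable /tmp (`/tmp/{{ item }}-serviceaccount.yaml`, `/tmp/scc.yaml`), and the last task feeds `/tmp/scc.yaml` straight into `update -f`, so anything else on the host that can write that path between the `get` and the `update` changes what is applied to the `privileged` SCC. I would create a private directory first, e.g. `command: mktemp -d /tmp/openshift-sa-XXXXXX` with `register: mktemp` (names are only a suggestion), use `{{ mktemp.stdout }}` in place of `/tmp` in every `dest` and `-f` path, and remove the directory in a final task. Separately, `insertafter: "^users:$"` only matches when the dumped SCC has a block-style `users:` line; when it does not match, lineinfile appends at end of file, where the entry may land outside `users`, so a comment or an explicit check is worth adding. Every name in `accounts` ends up in the privileged SCC, which deserves a short comment stating why that level is required.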
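Review bot: `name: {{ item }}` in templates/serviceaccount.j2 renders the account name as a plain YAML scalar, so a name that is all digits, reads as a boolean or null, or starts with a YAML indicator is not parsed as a string when the client loads the rendered file. Quoting it, `  name: "{{ item }}"`, keeps the value a string whatever `accounts` contains. The same `item` is also interpolated into the `/tmp/...` path and the `create -f` command line in tasks/main.yml, so it would help to state, wherever `accounts` is defined (not visible in this diff), that entries must be valid service account names.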