From b0f065dde8ddf14a8712a769152e63faea6688a3 Mon Sep 17 00:00:00 2001
From: Jan Chaloupka <jchaloup@redhat.com>
Date: Thu, 9 Feb 2017 13:50:29 +0100
Subject: Replace service account secrets handling with
 oc_serviceaccount_secret module

---
 roles/openshift_hosted/meta/main.yml               |  1 +
 roles/openshift_hosted/tasks/registry/secure.yml   | 10 ++++++----
 .../tasks/registry/storage/object_storage.yml      | 22 ++++++----------------
 3 files changed, 13 insertions(+), 20 deletions(-)


diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index ca5e88b15..ced71bb41 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -14,6 +14,7 @@ galaxy_info:
 dependencies:
 - role: openshift_cli
 - role: openshift_hosted_facts
+- role: lib_openshift
 - role: openshift_projects
   openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
 - role: openshift_serviceaccounts
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index d87a3847c..84b69d94c 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -54,10 +54,12 @@
   failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
 
 - name: "Add the secret to the registry's pod service accounts"
-  command: >
-    {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates
-    --config={{ openshift_hosted_kubeconfig  }}
-    -n default
+  oc_serviceaccount_secret:
+    service_account: "{{ item }}"
+    secret: registry-certificates
+    namespace: default
+    kubeconfig: "{{ openshift_hosted_kubeconfig  }}"
+    state: present
   with_items:
   - registry
   - default
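Review bot: The added `namespace: default` is hard-coded, while the equivalent task this commit adds in registry/storage/object_storage.yml uses `namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"`. If the registry can be deployed outside `default` (not visible in this hunk), the registry-certificates secret would be linked to service accounts in the wrong namespace, so I would use the same expression here and check that the secret-creation task above the hunk agrees. The loop also links the certificate secret to the `default` service account, which allows any pod running under that account to reference it. A one-line comment on the `with_items` list saying why `default` needs it would make that exposure a documented decision.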
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
index e56a68e27..15128784e 100644
--- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -53,23 +53,13 @@
     create -f -
   when: secrets.rc == 1
 
-- name: Determine if service account contains secrets
-  command: >
-    {{ openshift.common.client_binary }}
-    --config={{ openshift_hosted_kubeconfig }}
-    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
-    get serviceaccounts registry
-    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
-  register: serviceaccount
-  changed_when: false
-
 - name: Add secrets to registry service account
-  command: >
-    {{ openshift.common.client_binary }}
-    --config={{ openshift_hosted_kubeconfig }}
-    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
-    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
-  when: serviceaccount.stdout == ''
+  oc_serviceaccount_secret:
+    service_account: registry
+    secret: "{{ registry_config_secret_name }}"
+    namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+    kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+    state: present
 
 - name: Determine if deployment config contains secrets
   command: >
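Review bot: Removing the "Determine if service account contains secrets" task also removes `register: serviceaccount`, so any task further down object_storage.yml that still reads `serviceaccount.stdout` would now fail on an undefined variable. The rest of the file, including the body of the "Determine if deployment config contains secrets" task, is outside the hunk, so this needs a check against the full file. The replacement presumably relies on oc_serviceaccount_secret being idempotent with `state: present`. A short comment above the task would record that, for example `# oc_serviceaccount_secret only links the secret when it is missing, so no separate lookup is needed`.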
-- 
cgit v1.2.3