|
@@ -26,9 +26,12 @@
|
|
|
- name: Add security context constraint for {{ item }}
|
|
|
lineinfile:
|
|
|
dest: /tmp/openshift/scc.yaml
|
|
|
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
|
|
|
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
|
|
|
insertafter: "^users:$"
|
|
|
- with_items: openshift_serviceaccounts_names
|
|
|
+ when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
|
|
|
+ with_nested:
|
|
|
+ - openshift_serviceaccounts_names
|
|
|
+ - scc_test.results
|
|
|
|
|
|
- name: Apply new scc rules for service accounts
|
|
|
command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
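Review bot: The added `when:` puts `{{ }}` inside a condition that Ansible already evaluates as an expression, so the users list parsed from `item.1.stdout` is rendered to text and evaluated a second time; command output is better compared as data than spliced into the expression. The same line also errors when the SCC's `users` key is absent or null. Both are covered by `when: item.1.rc == 0 and ('system:serviceaccount:' ~ openshift_serviceaccounts_namespace ~ ':' ~ item.0) not in ((item.1.stdout | from_yaml).users | default([], true))`. The task name still uses `{{ item }}`, which under `with_nested` is the whole pair including the registered result, so `{{ item.0 }}` would keep the task header readable. The `scc_test` registration is outside the hunk, so it cannot be confirmed here that `scc_test.results` holds a single result; if it holds several, the cross product checks every account name against every result.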
|