Updating to compare sets instead of sorted lists

filter_plugins/oo_filters.py

@@ -1008,20 +1008,22 @@ def oo_random_word(length, source='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRS
     """
     return ''.join(random.choice(source) for i in range(length))
 
+
 def oo_contains_rule(source, apiGroups, resources, verbs):
     '''Return true if the specified rule is contained within the provided source'''
 
-    rules=source['rules']
+    rules = source['rules']
 
     if rules:
         for rule in rules:
-            if rule['apiGroups'].sort() == apiGroups.sort():
-                if rule['resources'].sort() == resources.sort():
-                    if rule['verbs'].sort() == verbs.sort():
+            if set(rule['apiGroups']) == set(apiGroups):
+                if set(rule['resources']) == set(resources):
+                    if set(rule['verbs']) == set(verbs):
                         return True
 
     return False
 
+
 class FilterModule(object):
     """ Custom ansible filter mapping """
 

roles/openshift_service_catalog/tasks/install.yml

@@ -80,14 +80,14 @@
   vars:
     original_content: "{{ edit_yaml.results.results[0] | to_yaml }}"
   when:
-  - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
+    - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
 # only do this if we don't already have the updated role info
 - name: update edit role for service catalog and pod preset access
   command: >
     oc replace -f {{ mktemp.stdout }}/edit_sc_patch.yml
   when:
-  - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
+    - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
 - oc_obj:
     name: admin
@@ -103,14 +103,14 @@
   vars:
     original_content: "{{ admin_yaml.results.results[0] | to_yaml }}"
   when:
-  - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
+    - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
 # only do this if we don't already have the updated role info
 - name: update admin role for service catalog and pod preset access
   command: >
     oc replace -f {{ mktemp.stdout }}/admin_sc_patch.yml
   when:
-  - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
+    - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
 
 - shell: >
     oc get policybindings/kube-system:default -n kube-system || echo "not found"