
Merge pull request #3307 from ingvagabund/oc_serviceaccount_secret

Replace service account secrets handling with oc_serviceaccount_secret module
Jan Chaloupka 8 years ago
parent
commit
9d25cb0280

+ 8 - 5
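--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -51,13 +51,16 @@
     command: oc secrets new dockerregistry /root/config.yml
     when: "'dockerregistry' not in secrets.stdout"
 
-  - name: Determine if service account contains secrets
-    command: oc describe serviceaccount/registry
-    register: serviceaccount
+  - name: Load lib_openshift modules
+    include_role:
+      name: lib_openshift
 
   - name: Add secrets to registry service account
-    command: oc secrets add serviceaccount/registry secrets/dockerregistry
-    when: "'dockerregistry' not in serviceaccount.stdout"
+    oc_serviceaccount_secret:
+      service_account: registry
+      secret: dockerregistry
+      namespace: default
+      state: present
 
   - name: Determine if deployment config contains secrets
     command: oc volume dc/docker-registry --list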
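Review bot: The new `oc_serviceaccount_secret` task pins `namespace: default` and passes no `kubeconfig`, while the `oc secrets new` command above it and the `oc volume` command below it still run with whatever project and login the invoking user's `oc` context has. If that context is not the `default` project, the secret is created in one namespace and the link is attempted in another, and the module will presumably fall back to its own default kubeconfig rather than the caller's credentials. Making the target explicit on both sides would avoid the split, e.g. `command: oc secrets new dockerregistry /root/config.yml -n default`, plus a comment on the task such as `# uses the module's default kubeconfig, not the current oc login`. The play these tasks belong to starts outside the hunk, so a play-level setting may already cover this.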

+ 1 - 0
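--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -14,6 +14,7 @@ galaxy_info:
 dependencies:
 - role: openshift_cli
 - role: openshift_hosted_facts
+- role: lib_openshift
 - role: openshift_projects
   openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
 - role: openshift_serviceaccounts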

+ 6 - 4
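--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -54,10 +54,12 @@
   failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
 
 - name: "Add the secret to the registry's pod service accounts"
-  command: >
-    {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates
-    --config={{ openshift_hosted_kubeconfig  }}
-    -n default
+  oc_serviceaccount_secret:
+    service_account: "{{ item }}"
+    secret: registry-certificates
+    namespace: default
+    kubeconfig: "{{ openshift_hosted_kubeconfig  }}"
+    state: present
   with_items:
   - registry
   - default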
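Review bot: The loop under the new `oc_serviceaccount_secret` call still links `registry-certificates` to the `default` service account as well as `registry`. That secret presumably carries the registry's TLS key, and linking it to `default` makes it referenceable by every pod in the namespace that runs without an explicit service account; if only the registry pods mount it, the `- default` item could be dropped. If it has to stay, a comment above the task such as `# default SA is linked because <reason>` would record why. `namespace: default` is also hard-coded here, whereas object_storage.yml in this commit uses `openshift.hosted.registry.namespace | default('default')`; the task that creates the secret is outside the hunk, so confirm both target the same namespace.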

+ 6 - 16
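--- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -53,23 +53,13 @@
     create -f -
   when: secrets.rc == 1
 
-- name: Determine if service account contains secrets
-  command: >
-    {{ openshift.common.client_binary }}
-    --config={{ openshift_hosted_kubeconfig }}
-    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
-    get serviceaccounts registry
-    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
-  register: serviceaccount
-  changed_when: false
-
 - name: Add secrets to registry service account
-  command: >
-    {{ openshift.common.client_binary }}
-    --config={{ openshift_hosted_kubeconfig }}
-    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
-    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
-  when: serviceaccount.stdout == ''
+  oc_serviceaccount_secret:
+    service_account: registry
+    secret: "{{ registry_config_secret_name }}"
+    namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+    kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+    state: present
 
 - name: Determine if deployment config contains secrets
   command: >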