---
- name: create registry serviceaccount
  oc_serviceaccount:
    state: present
    name: "{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
  changed_when: no

- name: grant the system:registry role to registry serviceaccount
  oc_adm_policy_user:
    state: present
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: cluster-role
    resource_name: system:registry
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"