| 12345678910111213141516171819202122232425262728293031323334353637 |
- - name: test if service accounts exists
- command: >
- {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
- with_items: "{{ openshift_serviceaccounts_names }}"
- failed_when: false
- changed_when: false
- register: account_test
- - name: create the service account
- shell: >
- echo {{ lookup('template', '../templates/serviceaccount.j2')
- | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }}
- -n {{ openshift_serviceaccounts_namespace }} create -f -
- when: item.1.rc != 0
- with_together:
- - "{{ openshift_serviceaccounts_names }}"
- - "{{ account_test.results }}"
- - name: test if scc needs to be updated
- command: >
- {{ openshift.common.client_binary }} get scc {{ item }} -o yaml
- changed_when: false
- failed_when: false
- register: scc_test
- with_items: "{{ openshift_serviceaccounts_sccs }}"
- - name: Grant the user access to the appropriate scc
- command: >
- {{ openshift.common.admin_binary }} policy add-scc-to-user
- {{ item.1.item }} system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
- when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users | default([]) }}"
- with_nested:
- - "{{ openshift_serviceaccounts_names }}"
- - "{{ scc_test.results }}"
- - include: legacy_add_scc_to_user.yml
- when: not openshift.common.version_gte_3_1_or_1_1
|
