okd/roles/openshift_serviceaccounts/tasks/main.yml

---
- name: create the service account
  oc_serviceaccount:
    name: "{{ item }}"
    namespace: "{{ openshift_serviceaccounts_namespace }}"
    state: present
  with_items:
  - "{{ openshift_serviceaccounts_names }}"

- name: test if scc needs to be updated
  command: >
      {{ openshift.common.client_binary }} get scc {{ item }} -o yaml
  changed_when: false
  failed_when: false
  register: scc_test
  with_items: "{{ openshift_serviceaccounts_sccs }}"

- name: Grant the user access to the appropriate scc
  command: >
      {{ openshift.common.client_binary }} adm policy add-scc-to-user
      {{ item.1.item }} system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
  when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users | default([]) }}"
  with_nested:
  - "{{ openshift_serviceaccounts_names }}"
  - "{{ scc_test.results }}"

- include: legacy_add_scc_to_user.yml
  when: not openshift.common.version_gte_3_1_or_1_1