authorSuren A. Chilingaryan <csa@suren.me>2018-02-20 15:10:45 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-02-20 15:10:45 +0100
commite4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe (patch)
tree3a8a420d8d26e616491f31b322a006dd2b3e0e1c /roles/openshift_resource
parent96ced00e05b50f276841a9212ae89e018de4d92d (diff)
Handling GlusterFS storage security in OpenShift containers
Diffstat (limited to 'roles/openshift_resource')
-rw-r--r--roles/openshift_resource/defaults/main.yml3
-rw-r--r--roles/openshift_resource/tasks/patch.yml41
2 files changed, 43 insertions, 1 deletions
diff --git a/roles/openshift_resource/defaults/main.yml b/roles/openshift_resource/defaults/main.yml
index ec44c4f..7994827 100644
--- a/roles/openshift_resource/defaults/main.yml
+++ b/roles/openshift_resource/defaults/main.yml
@@ -1 +1,2 @@
-template_path: "/mnt/provision/templates"
+template_path: "{{ ands_paths.provision }}/templates"
+patch_path: "{{ ands_paths.provision }}/patches"
\ No newline at end of file
diff --git a/roles/openshift_resource/tasks/patch.yml b/roles/openshift_resource/tasks/patch.yml
new file mode 100644
index 0000000..e2bbcfa
--- /dev/null
+++ b/roles/openshift_resource/tasks/patch.yml
@@ -0,0 +1,41 @@
+---
+- name: Lookup the specified resource
+ command: "oc get -n '{{project}}' '{{resource}}' -o json"
+ register: orig_result
+ changed_when: 0
+
+- name: Lookup API version of the specified resource
+ command: "oc get -n '{{project}}' '{{resource}}' --template {{'{{' + '.apiVersion' + '}}'}}"
+ register: api_version
+ changed_when: 0
+
+# Fucking ansible is making mess of escaping. Main problem it parses to objects strings starting with '{ ... }', but not with ' { ... }'
+- name: Escaping patch
+ set_fact: xpatch='{{patch | to_json | regex_replace(" ","") | regex_replace("^", " ")}}'
+
+- name: Generate dummy patch {{resource}} in {{project}}
+ command: "oc patch -n '{{project}}' --patch ' {\"apiVersion\": \"{{api_version.stdout}}\"}' --local=true -f - -o json"
+ args:
+ stdin: " {{ orig_result.stdout_lines | join('') }}"
+ register: dummy_result
+ changed_when: 0
+
+- name: Generate test patch {{resource}} in {{project}}
+ command: "oc patch -n '{{project}}' --patch '{{xpatch}}' --local=true -f - -o json"
+ args:
+ stdin: " {{ orig_result.stdout_lines | join('') }}"
+ register: patch_result
+ changed_when: 0
+
+#- debug: msg="{{ dummy_result.stdout }}"
+# when: dummy_result.stdout != patch_result.stdout
+
+#- debug: msg="{{ patch_result.stdout }}"
+# when: dummy_result.stdout != patch_result.stdout
+
+- name: Patch {{resource}} in {{project}}
+ command: "oc patch -n '{{project}}' '{{resource}}' --patch '{{xpatch}}'"
+ register: result
+ changed_when: (result | succeeded)
+ when: dummy_result.stdout != patch_result.stdout
+ \ No newline at end of file
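Review bot: The `command:` lines wrap `{{project}}`, `{{resource}}` and `{{xpatch}}` in literal single quotes, which protects nothing once a value itself contains `'`: the quoted argument ends early and the rest is split into extra `oc` arguments. Ansible's `quote` filter escapes each value properly, e.g. `command: "oc patch -n {{ project | quote }} {{ resource | quote }} --patch {{ xpatch | quote }}"`, and the same applies to the two `oc get` lookups and the two `--local=true` patch tasks. Separately, `regex_replace(" ","")` in the "Escaping patch" task strips every space from the serialized JSON, including spaces inside string values, so a patch whose values contain spaces would be applied in altered form. If the intent is only compact output, `to_json(separators=(',',':'))` should achieve that without touching values, though this is worth confirming on the Ansible version in use.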