From e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Tue, 20 Feb 2018 15:10:45 +0100 Subject: Handling GlusterFS storage security in OpenShift containers --- roles/openshift_resource/defaults/main.yml | 3 ++- roles/openshift_resource/tasks/patch.yml | 41 ++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 roles/openshift_resource/tasks/patch.yml (limited to 'roles/openshift_resource') diff --git a/roles/openshift_resource/defaults/main.yml b/roles/openshift_resource/defaults/main.yml index ec44c4f..7994827 100644 --- a/roles/openshift_resource/defaults/main.yml +++ b/roles/openshift_resource/defaults/main.yml @@ -1 +1,2 @@ -template_path: "/mnt/provision/templates" +template_path: "{{ ands_paths.provision }}/templates" +patch_path: "{{ ands_paths.provision }}/patches" \ No newline at end of file diff --git a/roles/openshift_resource/tasks/patch.yml b/roles/openshift_resource/tasks/patch.yml new file mode 100644 index 0000000..e2bbcfa --- /dev/null +++ b/roles/openshift_resource/tasks/patch.yml @@ -0,0 +1,41 @@ +--- +- name: Lookup the specified resource + command: "oc get -n '{{project}}' '{{resource}}' -o json" + register: orig_result + changed_when: 0 + +- name: Lookup API version of the specified resource + command: "oc get -n '{{project}}' '{{resource}}' --template {{'{{' + '.apiVersion' + '}}'}}" + register: api_version + changed_when: 0 + +# Fucking ansible is making mess of escaping. Main problem it parses to objects strings starting with '{ ... }', but not with ' { ... }' +- name: Escaping patch + set_fact: xpatch='{{patch | to_json | regex_replace(" ","") | regex_replace("^", " ")}}' + +- name: Generate dummy patch {{resource}} in {{project}} + command: "oc patch -n '{{project}}' --patch ' {\"apiVersion\": \"{{api_version.stdout}}\"}' --local=true -f - -o json" + args: + stdin: " {{ orig_result.stdout_lines | join('') }}" + register: dummy_result + changed_when: 0 + +- name: Generate test patch {{resource}} in {{project}} + command: "oc patch -n '{{project}}' --patch '{{xpatch}}' --local=true -f - -o json" + args: + stdin: " {{ orig_result.stdout_lines | join('') }}" + register: patch_result + changed_when: 0 + +#- debug: msg="{{ dummy_result.stdout }}" +# when: dummy_result.stdout != patch_result.stdout + +#- debug: msg="{{ patch_result.stdout }}" +# when: dummy_result.stdout != patch_result.stdout + +- name: Patch {{resource}} in {{project}} + command: "oc patch -n '{{project}}' '{{resource}}' --patch '{{xpatch}}'" + register: result + changed_when: (result | succeeded) + when: dummy_result.stdout != patch_result.stdout + \ No newline at end of file -- cgit v1.2.3