summaryrefslogtreecommitdiffstats
path: root/roles/openshift_serviceaccounts/tasks
diff options
context:
space:
mode:
authorRussell Teague <rteague@redhat.com>2017-03-13 13:11:28 -0400
committerRussell Teague <rteague@redhat.com>2017-03-13 14:45:33 -0400
commite879931d0d093fac33c5c3bd8d32fab176e68c93 (patch)
treece3c325023b4ea51209bdeeebfa10e047f2bf115 /roles/openshift_serviceaccounts/tasks
parent608b6debb28d9b477d21cd78f01d0bfbcd04cd01 (diff)
downloadopenshift-e879931d0d093fac33c5c3bd8d32fab176e68c93.tar.gz
openshift-e879931d0d093fac33c5c3bd8d32fab176e68c93.tar.bz2
openshift-e879931d0d093fac33c5c3bd8d32fab176e68c93.tar.xz
openshift-e879931d0d093fac33c5c3bd8d32fab176e68c93.zip
Refactor and remove openshift_serviceaccount
Diffstat (limited to 'roles/openshift_serviceaccounts/tasks')
-rw-r--r--roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml38
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml28
2 files changed, 0 insertions, 66 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
deleted file mode 100644
index b8cbe9a84..000000000
--- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-####
-#
-# OSE 3.0.z did not have 'oadm policy add-scc-to-user'.
-#
-####
-
-- name: tmp dir for openshift
- file:
- path: /tmp/openshift
- state: directory
- owner: root
- mode: 0700
-
-- name: Create service account configs
- template:
- src: serviceaccount.j2
- dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: '{{ openshift_serviceaccounts_names }}'
-
-- name: Get current security context constraints
- shell: >
- {{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/openshift/scc.yaml
- changed_when: false
-
-- name: Add security context constraint for {{ item }}
- lineinfile:
- dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
- insertafter: "^users:$"
- when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
- with_nested:
- - '{{ openshift_serviceaccounts_names }}'
- - '{{ scc_test.results }}'
-
-- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
deleted file mode 100644
index 1d570fa5b..000000000
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: create the service account
- oc_serviceaccount:
- name: "{{ item }}"
- namespace: "{{ openshift_serviceaccounts_namespace }}"
- state: present
- with_items:
- - "{{ openshift_serviceaccounts_names }}"
-
-- name: test if scc needs to be updated
- command: >
- {{ openshift.common.client_binary }} get scc {{ item }} -o yaml
- changed_when: false
- failed_when: false
- register: scc_test
- with_items: "{{ openshift_serviceaccounts_sccs }}"
-
-- name: Grant the user access to the appropriate scc
- command: >
- {{ openshift.common.client_binary }} adm policy add-scc-to-user
- {{ item.1.item }} system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
- when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users | default([]) }}"
- with_nested:
- - "{{ openshift_serviceaccounts_names }}"
- - "{{ scc_test.results }}"
-
-- include: legacy_add_scc_to_user.yml
- when: not openshift.common.version_gte_3_1_or_1_1