diff options
Diffstat (limited to 'roles/openshift_cfme/tasks/accounts.yml')
-rw-r--r-- | roles/openshift_cfme/tasks/accounts.yml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/roles/openshift_cfme/tasks/accounts.yml b/roles/openshift_cfme/tasks/accounts.yml new file mode 100644 index 000000000..64976cd0e --- /dev/null +++ b/roles/openshift_cfme/tasks/accounts.yml @@ -0,0 +1,28 @@ +--- +# This role task file is responsible for user/system account creation, +# and ensuring correct access is provided as required. +- name: Ensure the CFME system accounts exist + oc_serviceaccount: + namespace: "{{ openshift_cfme_project }}" + state: present + name: "{{ openshift_cfme_flavor_short }}{{ item.name }}" + with_items: + - "{{ __openshift_system_account_sccs }}" + +- name: Ensure the CFME system accounts have all the required SCCs + oc_adm_policy_user: + namespace: "{{ openshift_cfme_project }}" + user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ openshift_cfme_flavor_short }}{{ item.name }}" + resource_kind: scc + resource_name: "{{ item.resource_name }}" + with_items: + - "{{ __openshift_system_account_sccs }}" + +- name: Ensure the CFME system accounts have the required roles + oc_adm_policy_user: + namespace: "{{ openshift_cfme_project }}" + user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ openshift_cfme_flavor_short }}{{ item.name }}" + resource_kind: role + resource_name: "{{ item.resource_name }}" + with_items: + - "{{ __openshift_cfme_system_account_roles }}" |