Initial import

1 files changed, 40 insertions, 0 deletions

diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
new file mode 100644
index 0000000..35323cb
--- /dev/null
+++ b/roles/ands_openshift/tasks/users_resources.yml
@@ -0,0 +1,40 @@
+---
+- name: Configure cluster roles
+  command: "oc adm policy add-cluster-role-to-user {{  item.key.split('/')[0] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
+  with_dict: "{{ ands_openshift_roles }}"
+  when: "{{ item.key.split('/') | length == 1 }}"
+
+- name: Get project list
+  command: "oc get projects -o json"
+  changed_when: false
+  register: results
+
+- name: Find missing projects
+  set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
+  when: (results | succeeded)
+
+- name: Create missing projects
+  command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
+  with_items: "{{ new_projects | default([]) }}"
+
+- name: Configure per project roles
+  command: "oc adm policy add-role-to-user -n {{  item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
+  with_dict: "{{ ands_openshift_roles }}"
+  when: "{{ item.key.split('/') | length == 2 }}"
+
+- name: Get user list
+  command: "oc get users -o json"
+  changed_when: false
+  register: results
+
+- name: Find removed users
+  set_fact: removed_users="{{ results.stdout | from_json | json_query('items[*].metadata.name') | difference(ands_openshift_users.keys()) }}"
+  when: (results | succeeded)
+
+- name: Create missing projects
+  command: "oc delete identity htpasswd_auth:{{ item }}"
+  with_items: "{{ removed_users | default([]) }}"
+
+- name: Create missing projects
+  command: "oc delete user {{ item }}"
+  with_items: "{{ removed_users | default([]) }}"