summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorBrenton Leanhardt <bleanhar@redhat.com>2016-02-16 10:14:10 -0500
committerBrenton Leanhardt <bleanhar@redhat.com>2016-02-16 10:51:03 -0500
commit40ca512e39add508ee20c913efa71648fd5e2275 (patch)
tree46afa6d25272c52433b7a2eeb0f6c814cd4c265f /roles
parent4e6297c8d99b0ef38bdc3375b14107cf21754348 (diff)
downloadopenshift-40ca512e39add508ee20c913efa71648fd5e2275.tar.gz
openshift-40ca512e39add508ee20c913efa71648fd5e2275.tar.bz2
openshift-40ca512e39add508ee20c913efa71648fd5e2275.tar.xz
openshift-40ca512e39add508ee20c913efa71648fd5e2275.zip
Handle case where the user already had access to the scc
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml7
1 files changed, 5 insertions, 2 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
index 628df4540..1efab9466 100644
--- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
+++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
@@ -26,9 +26,12 @@
- name: Add security context constraint for {{ item }}
lineinfile:
dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
insertafter: "^users:$"
- with_items: openshift_serviceaccounts_names
+ when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+ with_nested:
+ - openshift_serviceaccounts_names
+ - scc_test.results
- name: Apply new scc rules for service accounts
command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"