diff options
author | Brenton Leanhardt <bleanhar@redhat.com> | 2016-02-16 10:14:10 -0500 |
---|---|---|
committer | Brenton Leanhardt <bleanhar@redhat.com> | 2016-02-16 10:51:03 -0500 |
commit | 40ca512e39add508ee20c913efa71648fd5e2275 (patch) | |
tree | 46afa6d25272c52433b7a2eeb0f6c814cd4c265f /roles | |
parent | 4e6297c8d99b0ef38bdc3375b14107cf21754348 (diff) | |
download | openshift-40ca512e39add508ee20c913efa71648fd5e2275.tar.gz openshift-40ca512e39add508ee20c913efa71648fd5e2275.tar.bz2 openshift-40ca512e39add508ee20c913efa71648fd5e2275.tar.xz openshift-40ca512e39add508ee20c913efa71648fd5e2275.zip |
Handle case where the user already had access to the scc
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml index 628df4540..1efab9466 100644 --- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml +++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml @@ -26,9 +26,12 @@ - name: Add security context constraint for {{ item }} lineinfile: dest: /tmp/openshift/scc.yaml - line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}" + line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}" insertafter: "^users:$" - with_items: openshift_serviceaccounts_names + when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}" + with_nested: + - openshift_serviceaccounts_names + - scc_test.results - name: Apply new scc rules for service accounts command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" |