path: root/roles/ands_openshift/tasks/security_resources.yml
blob: 5b80f1e6e1f2a8b9202ac8861d25561ef22d9a67 (plain)
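---
# Per-project SCC settings for OpenShift: writes the sa.scc uid/gid range
# annotations onto each namespace and patches the restricted SCC, both via
# the openshift_resource role's patch.yml. Every task is driven by an
# ands_openshift_* dictionary and becomes a no-op when that dict is undefined.
- name: Ensure OpenShift patch directory exists
  file:
    path: "{{ ands_openshift_patch_path }}"
    state: directory
    # A directory needs the execute bit to be traversable; the previous 0644
    # only worked because root bypasses permission checks.
    mode: "0755"
    owner: root
    group: root

# No spaces in patch, otherwise escaping mess...
# The patch is a JSON string rendered into the namespace annotation that
# controls which supplemental GIDs the project's service accounts may use.
- name: Patch group range in project configuration
  include_role:
    name: openshift_resource
    tasks_from: patch.yml
  vars:
    project: "{{ item.key }}"
    resource: "ns/{{ item.key }}"
    patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ item.value }}"}}}'
    patch_path: "{{ ands_openshift_patch_path }}"
  with_dict: "{{ ands_openshift_gid_ranges | default({}) }}"

# Same shape as above for the UID range annotation.
- name: Patch uid range in project configuration
  include_role:
    name: openshift_resource
    tasks_from: patch.yml
  vars:
    project: "{{ item.key }}"
    resource: "ns/{{ item.key }}"
    patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ item.value }}"}}}'
    patch_path: "{{ ands_openshift_patch_path }}"
  with_dict: "{{ ands_openshift_uid_ranges | default({}) }}"

# `mode` is looked up per project, then falls back to the 'ands_default' entry,
# then to false, which skips the task via the `when` clause.
# NOTE(review): scc/restricted is cluster-scoped in OpenShift; unless patch.yml
# derives a per-project SCC from `project`, each loop iteration rewrites the
# same object and the last project in the dict wins cluster-wide — confirm
# against patch.yml before relaxing any project's mode.
# NOTE(review): `mode != false` relies on the templated value coming back as a
# boolean rather than the string "False"; verify on the Ansible version in use.
- name: Restrict supplementalGroups
  include_role:
    name: openshift_resource
    tasks_from: patch.yml
  vars:
    project: "{{ item.key }}"
    resource: "scc/restricted"
    modes: "{{ ands_openshift_gid_mode | default({}) }}"
    mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}"
    patch: '{"supplementalGroups":{"type":"{{mode}}"}}'
    patch_path: "{{ ands_openshift_patch_path }}"
  when: mode != false
  with_dict: "{{ ands_openshift_projects | default({}) }}"

# Same lookup/fallback scheme as supplementalGroups; the cluster-scope caveat
# above applies here as well.
- name: Configure runAsUser
  include_role:
    name: openshift_resource
    tasks_from: patch.yml
  vars:
    project: "{{ item.key }}"
    resource: "scc/restricted"
    modes: "{{ ands_openshift_uid_mode | default({}) }}"
    mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}"
    patch: '{"runAsUser":{"type":"{{mode}}"}}'
    patch_path: "{{ ands_openshift_patch_path }}"
  when: mode != false
  with_dict: "{{ ands_openshift_projects | default({}) }}"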