WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 20:12:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
27,500 Commits 9 Branches 0 Tags
012447730e5696794deac2deb741bab16d2f28b2
Commit Graph

45 Commits

Author SHA1 Message Date
Patrick Uiterwijk
43af7f9206 Fix up egresspolicy source vs dest 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-06-20 09:44:10 +02:00
Patrick Uiterwijk
6bf7c579c2 make egresspolicy customization less simple 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-06-03 15:47:23 +02:00
Patrick Uiterwijk
c07c9415a0 Allow custom egress policies for special cases 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-06-03 15:43:39 +02:00
Patrick Uiterwijk
66cda5eb15 Make it possible to disallow any internal communications 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 20:33:11 +02:00
Patrick Uiterwijk
bbaa0f409b openshift/project: fix if condition 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:54:16 +02:00
Patrick Uiterwijk
446d00d549 Add tag to egresspolicy role 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:42:49 +02:00
Patrick Uiterwijk
72ac044a5e openshift/project: simplify egresspolicy - different env db won't allow access anyway 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:41:55 +02:00
Patrick Uiterwijk
8de1035266 Make the var into a default 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:35:39 +02:00
Patrick Uiterwijk
eac122c543 openshift/project: define default egress policy to prevent fas db access 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 13:32:55 +02:00
Patrick Uiterwijk
878988d92d Revert "Disable auto-update for appowners role" 
This reverts commit 10c88b0933.
 2018-12-08 20:02:53 +01:00
Patrick Uiterwijk
10c88b0933 Disable auto-update for appowners role 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-12-04 07:55:27 +01:00
Kevin Fenzi
6c24a3e84b add rollbacks to app owners in openshift 2018-11-15 22:13:13 +00:00
Patrick Uiterwijk
864f2e1372 Fix up the appowners binding to use the namespace-local one 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-13 10:39:56 +02:00
Mikolaj Izdebski
bbdceb24c6 Allow appowners to run builds (create buildconfigs/instantiate) 2018-08-23 20:27:59 +00:00
Mikolaj Izdebski
c0b53f5bd8 Reorganize os appowners role yaml 2018-08-23 20:25:29 +00:00
Kevin Fenzi
53b40839ff update apiGroups 2018-08-23 19:54:54 +00:00
Patrick Uiterwijk
8f7596d509 Deploymentconfigs/logs has been moved to the openshift.io group 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-04 14:04:17 +02:00
Patrick Uiterwijk
51769d8533 Change when 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-03 13:59:10 +02:00
Patrick Uiterwijk
09a12cf4b5 When we try to apply project.yml, the namespace does not yet exist 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-03 13:58:06 +02:00
Patrick Uiterwijk
ff117118a5 Use consistent, permanent filenames 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 01:02:21 +00:00
Patrick Uiterwijk
2ef2b46a37 Openshift build logs have moved to another namespace. Allow that 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-16 21:26:28 +00:00
Patrick Uiterwijk
692ddc2f78 Some objects got promoted in kubernetes 1.8 to core 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-03-09 23:29:57 +01:00
Patrick Uiterwijk
78ff12f828 Update openshift role to use namespace-local roles 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-03-09 22:53:23 +01:00
Patrick Uiterwijk
b3ae5a8957 This is a 'create' on 'pods/attach', not 'attach' on 'pods' 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-12-15 17:15:23 +00:00
Patrick Uiterwijk
984d230e7a Allow appowners to attach to pods (Fixes #6548) 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-12-15 15:39:00 +00:00
Patrick Uiterwijk
b188cef81b Turns out that the subjects: thing is just informational 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-01 00:16:39 +00:00
Patrick Uiterwijk
363a554afb Allow openshift appowners in staging access to exec pods 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-23 16:03:43 +00:00
Patrick Uiterwijk
c591f490b8 Make appowners in staging more powerful 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-13 00:04:08 +00:00
Patrick Uiterwijk
b1f0cd0a55 Make this rerunnable 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-09 00:58:34 +00:00
Patrick Uiterwijk
de19d64c1c Add link to upstream bug for record 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:50:03 +00:00
Patrick Uiterwijk
cba7d519d4 Silly me, ClusterRoles are separate objects 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:45:48 +00:00
Patrick Uiterwijk
0d614913d1 Turns out 'global' is not a valid variable name 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:43:45 +00:00
Patrick Uiterwijk
e0f9332d86 Turns out that namespace-local roles are broken pre openshift 3.6 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 20:42:44 +00:00
Patrick Uiterwijk
8347455e74 I thought I learned last week that roles need their namespace specified... 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 19:57:59 +00:00
Patrick Uiterwijk
1ad53acd23 And *this* is plural. Man, singular and plural are hard 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 19:57:04 +00:00
Patrick Uiterwijk
e93950fc08 I named this singular 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 19:56:14 +00:00
Patrick Uiterwijk
59949db84d Only create project if it did not exist yet 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 19:53:55 +00:00
Patrick Uiterwijk
f51408ac1a Remove project-level admins 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2017-10-08 21:45:40 +02:00
Patrick Uiterwijk
65f21ee450 Allow specifying appowners for projects 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2017-10-08 21:45:19 +02:00
Dan Callaghan
0a9f8119cb Revert "trying to fix "field is immutable" error from oc apply" 
This reverts commit 336d4e71ce.
It didn't help.
 2017-09-29 20:55:15 +10:00
Dan Callaghan
336d4e71ce trying to fix "field is immutable" error from oc apply 
I don't think we should be trying to set creationTimestamp, pretty sure
this is the field that OpenShift is complaining about.

Limited to stage because I don't want to risk breaking anything.
 2017-09-29 20:35:54 +10:00
Ricky Elrod
3cbed7801b missed one 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-08-01 16:02:09 +00:00
Ricky Elrod
d218a66512 remove some quotes 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-08-01 15:59:53 +00:00
Ricky Elrod
8b60f03258 The hell is a deploywer? 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-08-01 03:58:01 +00:00
Ricky Elrod
30021e1935 Add missing RoleBindings for waiverdb project, and abstract project out to openshift/project 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-08-01 03:54:10 +00:00