57 Commits

Author SHA1 Message Date
Kevin Fenzi
8d3c180496 openshift / project: do not recurse on permissions
There are some files that get created later (like keytabs) that we don't
want to keep changing back and forth and causing things to not be
idempotent.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-06-21 14:16:56 -07:00
Mark O Brien
5d906f9b8c openshift: undo unnecessary changes
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-02-02 18:01:22 +00:00
Mark O Brien
2d9b23d066 openshift: change shell to command
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-02-02 17:20:57 +00:00
Mark O Brien
cebd4ce05f openshift: check return code instead of stderr
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-02-02 11:51:40 +00:00
Mark O Brien
baf4fb0812 openshift: remove temp debug command
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-02-02 11:49:34 +00:00
Mark O Brien
dc2c941c49 openshift: fix yaml indentation
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-02-02 11:42:26 +00:00
Mark O Brien
45fb1e6af1 openshift: add temp debug statement
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-02-02 11:41:11 +00:00
Francois Andrieu
911bb8ac4f openshift: allow appowner to start a rollout
2021-04-28 21:32:05 +00:00
Francois Andrieu
492fe4f671 openshift: update egressPolicy for iad2
2021-04-03 18:44:31 +00:00
Adam Saleh
7bbb860d52 Add more privileges to appowners on staging.
2021-03-15 16:13:37 +01:00
Michael Scherer
dfdd9ab4d4 Fix typo in the name
Mainly to increase my edit count
2020-04-24 21:34:25 +02:00
Luca BRUNO
9c64952e3b openshift/rbac: allow project owners to cancel-builds
This tweaks project-owners RBAC to allow updating a build, in order
to make `cancel-build` work.

Ref: https://pagure.io/fedora-infrastructure/issue/8005
Signed-off-by: Luca BRUNO <luca.bruno@coreos.com>
2020-04-24 21:34:11 +02:00
Patrick Uiterwijk
43af7f9206 Fix up egresspolicy source vs dest
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-06-20 09:44:10 +02:00
Patrick Uiterwijk
6bf7c579c2 make egresspolicy customization less simple
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-06-03 15:47:23 +02:00
Patrick Uiterwijk
c07c9415a0 Allow custom egress policies for special cases
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-06-03 15:43:39 +02:00
Patrick Uiterwijk
66cda5eb15 Make it possible to disallow any internal communications
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-29 20:33:11 +02:00
Patrick Uiterwijk
bbaa0f409b openshift/project: fix if condition
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 13:54:16 +02:00
Patrick Uiterwijk
446d00d549 Add tag to egresspolicy role
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 13:42:49 +02:00
Patrick Uiterwijk
72ac044a5e openshift/project: simplify egresspolicy - different env db won't allow access anyway
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 13:41:55 +02:00
Patrick Uiterwijk
8de1035266 Make the var into a default
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 13:35:39 +02:00
Patrick Uiterwijk
eac122c543 openshift/project: define default egress policy to prevent fas db access
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 13:32:55 +02:00
Patrick Uiterwijk
878988d92d Revert "Disable auto-update for appowners role"
This reverts commit 10c88b0933.
2018-12-08 20:02:53 +01:00
Patrick Uiterwijk
10c88b0933 Disable auto-update for appowners role
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-12-04 07:55:27 +01:00
Kevin Fenzi
6c24a3e84b add rollbacks to app owners in openshift
2018-11-15 22:13:13 +00:00
Patrick Uiterwijk
864f2e1372 Fix up the appowners binding to use the namespace-local one
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-13 10:39:56 +02:00
Mikolaj Izdebski
bbdceb24c6 Allow appowners to run builds (create buildconfigs/instantiate)
2018-08-23 20:27:59 +00:00
Mikolaj Izdebski
c0b53f5bd8 Reorganize os appowners role yaml
2018-08-23 20:25:29 +00:00
Kevin Fenzi
53b40839ff update apiGroups
2018-08-23 19:54:54 +00:00
Patrick Uiterwijk
8f7596d509 Deploymentconfigs/logs has been moved to the openshift.io group
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-07-04 14:04:17 +02:00
Patrick Uiterwijk
51769d8533 Change when
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-03 13:59:10 +02:00
Patrick Uiterwijk
09a12cf4b5 When we try to apply project.yml, the namespace does not yet exist
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-03 13:58:06 +02:00
Patrick Uiterwijk
ff117118a5 Use consistent, permanent filenames
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-04-17 01:02:21 +00:00
Patrick Uiterwijk
2ef2b46a37 Openshift build logs have moved to another namespace. Allow that
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-04-16 21:26:28 +00:00
Patrick Uiterwijk
692ddc2f78 Some objects got promoted in kubernetes 1.8 to core
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-03-09 23:29:57 +01:00
Patrick Uiterwijk
78ff12f828 Update openshift role to use namespace-local roles
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-03-09 22:53:23 +01:00
Patrick Uiterwijk
b3ae5a8957 This is a 'create' on 'pods/attach', not 'attach' on 'pods'
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-15 17:15:23 +00:00
Patrick Uiterwijk
984d230e7a Allow appowners to attach to pods (Fixes #6548)
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-15 15:39:00 +00:00
Patrick Uiterwijk
b188cef81b Turns out that the subjects: thing is just informational
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-11-01 00:16:39 +00:00
Patrick Uiterwijk
363a554afb Allow openshift appowners in staging access to exec pods
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-23 16:03:43 +00:00
Patrick Uiterwijk
c591f490b8 Make appowners in staging more powerful
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-13 00:04:08 +00:00
Patrick Uiterwijk
b1f0cd0a55 Make this rerunnable
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-09 00:58:34 +00:00
Patrick Uiterwijk
de19d64c1c Add link to upstream bug for record
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 20:50:03 +00:00
Patrick Uiterwijk
cba7d519d4 Silly me, ClusterRoles are separate objects
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 20:45:48 +00:00
Patrick Uiterwijk
0d614913d1 Turns out 'global' is not a valid variable name
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 20:43:45 +00:00
Patrick Uiterwijk
e0f9332d86 Turns out that namespace-local roles are broken pre openshift 3.6
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 20:42:44 +00:00
Patrick Uiterwijk
8347455e74 I thought I learned last week that roles need their namespace specified...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 19:57:59 +00:00
Patrick Uiterwijk
1ad53acd23 And *this* is plural. Man, singular and plural are hard
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 19:57:04 +00:00
Patrick Uiterwijk
e93950fc08 I named this singular
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 19:56:14 +00:00
Patrick Uiterwijk
59949db84d Only create project if it did not exist yet
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 19:53:55 +00:00
Patrick Uiterwijk
f51408ac1a Remove project-level admins
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2017-10-08 21:45:40 +02:00