Merge pull request #29 from rh-mobb/fix_classic_op_roles

fix classic operator files in wrong place
rh-mobb · Feb 14, 2024 · 785a7d1 · 785a7d1
2 parents e9678a3 + a90ee13
commit 785a7d1
Show file tree

Hide file tree

Showing 10 changed files with 14 additions and 6 deletions.
diff --git a/Makefile b/Makefile
@@ -40,10 +40,12 @@ pull: docker.image.pull
 
 
 create:
-	$(ANSIBLE) create-cluster.yaml
+	$(ANSIBLE) create-cluster.yaml -i ./environment/default/hosts \
+	  --extra-vars "cluster_name=$(CLUSTER_NAME) rosa_account_roles_prefix=$(CLUSTER_NAME)"
 
 delete:
-	$(ANSIBLE) delete-cluster.yaml
+	$(ANSIBLE) delete-cluster.yaml -i ./environment/default/hosts \
+	  --extra-vars "cluster_name=$(CLUSTER_NAME) rosa_account_roles_prefix=$(CLUSTER_NAME)"
 
 create.multiaz:
 	$(ANSIBLE) create-cluster.yaml -i ./environment/multi-az/hosts \

diff --git a/environment/default/group_vars/all.yaml b/environment/default/group_vars/all.yaml
@@ -1,4 +1,4 @@
-cluster_name: rosa-cwooley-ans
+cluster_name: ansible-rosa
 # rosa_disable_workload_monitoring: true
 rosa_private_link: false
 # note private-link forces private to be true

diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: rh_mobb
 name: rosa
-version: 3.0.0
+version: 3.0.1
 readme: README.md
 authors:
   - Paul Czarkowski <[email protected]>

diff --git a/roles/rosa_cluster/tasks/absent/main.yml b/roles/rosa_cluster/tasks/absent/main.yml
@@ -59,6 +59,6 @@
     name: rosa_operator_roles
   vars:
     rosa_operator_roles:
-      operator_roles_prefix: "{{ _operator_roles_prefix }}"
+      operator_roles_prefix: "{{ _operator_roles_prefix | default(omit) }}"
       oidc_endpoint_url: "{{ _oidc_endpoint_url | default(omit) }}"
-
+  when: _operator_roles_prefix is defined
diff --git a/...ic/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json b/...ic/openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["iam:GetUser", "iam:GetUserPolicy", "iam:ListAccessKeys"], "Effect": "Allow", "Resource": "*"}]}
diff --git a/...les/files/classic/openshift_cloud_network_config_controller_cloud_credentials_policy.json b/...les/files/classic/openshift_cloud_network_config_controller_cloud_credentials_policy.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTypes", "ec2:UnassignPrivateIpAddresses", "ec2:AssignPrivateIpAddresses", "ec2:UnassignIpv6Addresses", "ec2:AssignIpv6Addresses", "ec2:DescribeSubnets", "ec2:DescribeNetworkInterfaces"], "Effect": "Allow", "Resource": "*"}]}
diff --git a/...rator_roles/files/classic/openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json b/...rator_roles/files/classic/openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["ec2:AttachVolume", "ec2:CreateSnapshot", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteSnapshot", "ec2:DeleteTags", "ec2:DeleteVolume", "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DetachVolume", "ec2:ModifyVolume"], "Effect": "Allow", "Resource": "*"}]}
diff --git a/...ator_roles/files/classic/openshift_image_registry_installer_cloud_credentials_policy.json b/...ator_roles/files/classic/openshift_image_registry_installer_cloud_credentials_policy.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["s3:CreateBucket", "s3:DeleteBucket", "s3:PutBucketTagging", "s3:GetBucketTagging", "s3:PutBucketPublicAccessBlock", "s3:GetBucketPublicAccessBlock", "s3:PutEncryptionConfiguration", "s3:GetEncryptionConfiguration", "s3:PutLifecycleConfiguration", "s3:GetLifecycleConfiguration", "s3:GetBucketLocation", "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucketMultipartUploads", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"], "Effect": "Allow", "Resource": "*"}]}
diff --git a/...osa_operator_roles/files/classic/openshift_ingress_operator_cloud_credentials_policy.json b/...osa_operator_roles/files/classic/openshift_ingress_operator_cloud_credentials_policy.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["elasticloadbalancing:DescribeLoadBalancers", "route53:ListHostedZones", "route53:ChangeResourceRecordSets", "tag:GetResources"], "Effect": "Allow", "Resource": "*"}]}
diff --git a/...rosa_operator_roles/files/classic/openshift_machine_api_aws_cloud_credentials_policy.json b/...rosa_operator_roles/files/classic/openshift_machine_api_aws_cloud_credentials_policy.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["ec2:CreateTags", "ec2:DescribeAvailabilityZones", "ec2:DescribeDhcpOptions", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeInstanceTypes", "ec2:DescribeSecurityGroups", "ec2:DescribeRegions", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RunInstances", "ec2:TerminateInstances", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets", "iam:PassRole", "iam:CreateServiceLinkedRole"], "Effect": "Allow", "Resource": "*"}, {"Action": ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlainText", "kms:DescribeKey"], "Effect": "Allow", "Resource": "*"}, {"Action": ["kms:RevokeGrant", "kms:CreateGrant", "kms:ListGrants"], "Effect": "Allow", "Resource": "*", "Condition": {"Bool": {"kms:GrantIsForAWSResource": true}}}]}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"Version": "2012-10-17", "Statement": [{"Action": ["iam:GetUser", "iam:GetUserPolicy", "iam:ListAccessKeys"], "Effect": "Allow", "Resource": "*"}]}