Merge pull request #3905 from kwoodson/nuage_idempotency

[nuage_master] Adding module calls instead of command for idempotency.

roles/nuage_master/tasks/serviceaccount.yml

@@ -1,40 +1,19 @@
 ---
-- name: Create temporary directory for admin kubeconfig
-  command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
-  register: nuage_tmp_conf_mktemp
-  changed_when: False
-  run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
-
-- set_fact:
-    nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
-  run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
-
-- name: Copy Configuration to temporary conf
-  command: >
-    cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
-  changed_when: false
-  run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
-
 - name: Create Admin Service Account
   oc_serviceaccount:
-    kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
     name: nuage
     namespace: default
     state: present
   run_once: True
   delegate_to: "{{ nuage_ca_master }}"
 
 - name: Configure role/user permissions
-  command: >
-    {{ openshift.common.client_binary }} adm {{item}}
-    --config={{ nuage_tmp_conf }}
-  with_items: "{{nuage_tasks}}"
-  register: osnuage_perm_task
-  failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
-  changed_when: osnuage_perm_task.rc == 0
+  oc_adm_policy_user:
+    namespace: default
+    resource_name: "{{ item.resource_name }}"
+    resource_kind: "{{ item.resource_kind }}"
+    user: "{{ item.user }}"
+  with_items: "{{ nuage_tasks }}"
   run_once: True
   delegate_to: "{{ nuage_ca_master }}"
 
@@ -52,10 +31,3 @@
       --user={{ nuage_service_account }}
   delegate_to: "{{ nuage_ca_master }}"
   run_once: True
-
-- name: Clean temporary configuration file
-  command: >
-    rm -f {{nuage_tmp_conf}}
-  changed_when: false
-  delegate_to: "{{ nuage_ca_master }}"
-  run_once: True

roles/nuage_master/vars/main.yaml

@@ -23,4 +23,6 @@ nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
 nuage_service_account: system:serviceaccount:default:nuage
 
 nuage_tasks:
-  - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
+- resource_kind: cluster-role
+  resource_name: cluster-reader
+  user: "{{ nuage_service_account }}"