From 29282005c436d0e4730acbe1a1f2d792607ad490 Mon Sep 17 00:00:00 2001
From: Lenka Segura <lsegura@redhat.com>
Date: Wed, 20 Oct 2021 16:32:34 +0200
Subject: [PATCH] fcos-pipeline: Added openshift-apps/fcos-pipeline role

Signed-off-by: David Kirwan <dkirwan@redhat.com>
---
 playbooks/openshift-apps/fedora-coreos.yml    | 13 ++++++++++++
 .../fcos-pipeline/defaults/main.yaml          |  8 ++++++++
 .../fcos-pipeline/tasks/main.yaml             | 20 +++++++++++++++++++
 .../fcos-pipeline/templates/group.yaml        |  8 ++++++++
 .../fcos-pipeline/templates/project.yaml      |  8 ++++++++
 .../fcos-pipeline/templates/rolebinding.yaml  | 13 ++++++++++++
 6 files changed, 70 insertions(+)
 create mode 100644 playbooks/openshift-apps/fedora-coreos.yml
 create mode 100644 roles/openshift-apps/fcos-pipeline/defaults/main.yaml
 create mode 100644 roles/openshift-apps/fcos-pipeline/tasks/main.yaml
 create mode 100644 roles/openshift-apps/fcos-pipeline/templates/group.yaml
 create mode 100644 roles/openshift-apps/fcos-pipeline/templates/project.yaml
 create mode 100644 roles/openshift-apps/fcos-pipeline/templates/rolebinding.yaml

diff --git a/playbooks/openshift-apps/fedora-coreos.yml b/playbooks/openshift-apps/fedora-coreos.yml
new file mode 100644
index 0000000000..5ee9f69a6f
--- /dev/null
+++ b/playbooks/openshift-apps/fedora-coreos.yml
@@ -0,0 +1,13 @@
+---
+- hosts: os-control01.stg # :os-control01
+  user: root
+  gather_facts: false
+
+  roles:
+  - role: openshift-apps/fcos-pipeline
+    project_name: fcos-pipeline
+    project_description: Jenkins pipeline configuration for Fedora CoreOS.
+    appowners:
+    - dustymabe
+    - jlebon
+    - cverna
diff --git a/roles/openshift-apps/fcos-pipeline/defaults/main.yaml b/roles/openshift-apps/fcos-pipeline/defaults/main.yaml
new file mode 100644
index 0000000000..7f39ad445c
--- /dev/null
+++ b/roles/openshift-apps/fcos-pipeline/defaults/main.yaml
@@ -0,0 +1,8 @@
+project_name: fcos-pipeline
+project_description: Jenkins Pipeline Configuration for FHCOS
+appowners: []
+ocp_service_account: root
+project_templates:
+  - project.yaml
+  - group.yaml
+  - rolebinding.yaml
diff --git a/roles/openshift-apps/fcos-pipeline/tasks/main.yaml b/roles/openshift-apps/fcos-pipeline/tasks/main.yaml
new file mode 100644
index 0000000000..c106deb950
--- /dev/null
+++ b/roles/openshift-apps/fcos-pipeline/tasks/main.yaml
@@ -0,0 +1,20 @@
+- name: Create the directories to hold the templates
+  file:
+    path: "/root/ocp4/openshift-apps/"
+    state: directory
+    owner: root
+    group: root
+    mode: 0770
+    recurse: yes
+
+# generate the templates for project to be created
+- name: apply the template
+  template:
+    src: "{{ item }}"
+    dest: "/root/ocp4/openshift-apps/{{ item }}"
+  with_items: "{{ project_templates }}"
+
+# apply created openshift resources
+- name: oc apply resources
+  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{ item }}"
+  with_items: "{{ project_templates }}"
diff --git a/roles/openshift-apps/fcos-pipeline/templates/group.yaml b/roles/openshift-apps/fcos-pipeline/templates/group.yaml
new file mode 100644
index 0000000000..b4cefa6acb
--- /dev/null
+++ b/roles/openshift-apps/fcos-pipeline/templates/group.yaml
@@ -0,0 +1,8 @@
+kind: Group
+apiVersion: user.openshift.io/v1
+metadata:
+  name: "{{project_name}}-appowners"
+users:
+{% for item in appowners %}
+- "{{ item }}"
+{% endfor %}
diff --git a/roles/openshift-apps/fcos-pipeline/templates/project.yaml b/roles/openshift-apps/fcos-pipeline/templates/project.yaml
new file mode 100644
index 0000000000..5a5b3a17c3
--- /dev/null
+++ b/roles/openshift-apps/fcos-pipeline/templates/project.yaml
@@ -0,0 +1,8 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: "{{project_name}}"
+  annotations:
+    openshift.io/description: "{{ project_description }}"
+    openshift.io/display-name: "{{ project_name }}"
diff --git a/roles/openshift-apps/fcos-pipeline/templates/rolebinding.yaml b/roles/openshift-apps/fcos-pipeline/templates/rolebinding.yaml
new file mode 100644
index 0000000000..e2b09fcd8f
--- /dev/null
+++ b/roles/openshift-apps/fcos-pipeline/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "{{project_name}}-appowners"
+  namespace: "{{project_name}}"
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: "{{project_name}}-appowners"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin