Add missing RoleBindings for waiverdb project, and abstract project out to openshift/project

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

playbooks/openshift-apps/waiverdb.yml

@@ -9,7 +9,7 @@
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   roles:
-  - { role: openshift/object, app: waiverdb, template: project.yml, description: waiverdb }
+  - { role: openshift/project, app: waiverdb, description: waiverdb, fas_owner: codeblock }
   - { role: openshift/object, app: waiverdb, template: secret.yml }
   #- { role: openshift/secret-file
   #  , app: waiverdb

roles/openshift/object/tasks/main.yml

@@ -8,6 +8,11 @@
   when: template is defined
   run_once: true
 
+- name: Copy template {{template_fullpath}} to temporary file ({{tmpfile.path}})
+  template: src={{template_fullpath}} dest={{tmpfile.path}}
+  when: template_fullpath is defined
+  run_once: true
+
 - name: Copy file {{file}} to temporary file ({{tmpfile.path}})
   copy: src={{roles_path}}/openshift-apps/{{app}}/files/{{file}} dest={{tmpfile.path}}
   when: file is defined

roles/openshift/project/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: project.yml
+  include_role:
+    name: openshift/object
+  vars:
+    template_fullpath: "{{roles_path}}/openshift/project/templates/project.yml"
+
+- name: admin.yml
+  include_role:
+    name: openshift/object
+  vars:
+    template_fullpath: "{{roles_path}}/openshift/project/templates/admin.yml"
+
+- name: deployer.yml
+  include_role:
+    name: openshift/object
+  vars:
+    template_fullpath: "{{roles_path}}/openshift/project/templates/deploywer.yml"
+
+- name: imagebuilder.yml
+  include_role:
+    name: openshift/object
+  vars:
+    template_fullpath: "{{roles_path}}/openshift/project/templates/imagebuilder.yml"
+
+- name: imagepuller.yml
+  include_role:
+    name: openshift/object
+  vars:
+    template_fullpath: "{{roles_path}}/openshift/project/templates/imagepuller.yml"

roles/openshift/project/templates/admin.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+groupNames: []
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  name: admins
+  namespace: "{{app}}"
+roleRef:
+  name: admin
+subjects:
+- kind: User
+  name: "{{fas_owner}}"
+userNames:
+- "{{fas_owner}}"

roles/openshift/project/templates/deployer.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+groupNames: []
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  name: system:deployers
+  namespace: "{{app}}"
+roleRef:
+  name: system:deployer
+subjects:
+- kind: ServiceAccount
+  name: deployer
+userNames:
+- system:serviceaccount:"{{app}}":deployer

roles/openshift/project/templates/imagebuilder.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+groupNames: []
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  name: system:image-builders
+  namespace: "{{app}}"
+roleRef:
+  name: system:image-builder
+subjects:
+- kind: ServiceAccount
+  name: builder
+userNames:
+- system:serviceaccount:"{{app}}":builder

roles/openshift/project/templates/imagepuller.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+groupNames:
+- system:serviceaccounts:"{{app}}"
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  name: system:image-pullers
+  namespace: "{{app}}"
+roleRef:
+  name: system:image-puller
+subjects:
+- kind: SystemGroup
+  name: system:serviceaccounts:"{{app}}"
+userNames: []