From 72ac044a5ef5650f054c7548ee89c0cd8442bc3a Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Thu, 9 May 2019 13:41:55 +0200
Subject: [PATCH] openshift/project: simplify egresspolicy - different env db
 won't allow access anyway

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 roles/openshift/project/templates/egresspolicy.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/roles/openshift/project/templates/egresspolicy.yml b/roles/openshift/project/templates/egresspolicy.yml
index 99628876d6..12358861fb 100644
--- a/roles/openshift/project/templates/egresspolicy.yml
+++ b/roles/openshift/project/templates/egresspolicy.yml
@@ -6,14 +6,15 @@ metadata:
 spec:
   egress:
 {% if not allow_fas_db or env != "production" %}
+{% if env == "staging" %}
+  - type: Deny
+    to:
+      cidrSelector: "10.5.128.96/32"
+{% else %}
   - type: Deny
     to:
       cidrSelector: "10.5.126.99/32"
 {% endif %}
-{% if not allow_fas_db or env != "staging" %}
-  - type: Deny
-    to:
-      cidrSelector: "10.5.128.96/32"
 {% endif %}
   - type: Allow
     to: