From 90715412f20d39fdf0d05421d0636314e0e8ee78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 14 Apr 2022 11:17:38 +0200
Subject: [PATCH] Adjust the secret-file role to work with OCP4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 playbooks/openshift-apps/bodhi.yml            | 4 ++++
 roles/openshift/secret-file/defaults/main.yml | 1 +
 roles/openshift/secret-file/tasks/main.yml    | 7 ++++++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml
index bd8e44e179..3c78e621ee 100644
--- a/playbooks/openshift-apps/bodhi.yml
+++ b/playbooks/openshift-apps/bodhi.yml
@@ -77,21 +77,25 @@
     secret_name: bodhi-keytab
     service: bodhi
     host: "bodhi{{ env_suffix }}.fedoraproject.org"
+    ocp4: true
   - role: openshift/secret-file
     app: bodhi
     secret_name: bodhi-fedora-messaging-ca
     key: cacert.pem
     privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+    ocp4: true
   - role: openshift/secret-file
     app: bodhi
     secret_name: bodhi-fedora-messaging-crt
     key: bodhi-cert.pem
     privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
+    ocp4: true
   - role: openshift/secret-file
     app: bodhi
     secret_name: bodhi-fedora-messaging-key
     key: bodhi-key.pem
     privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
+    ocp4: true
   - role: openshift/object
     app: bodhi
     template: imagestreams-tagged.yml
diff --git a/roles/openshift/secret-file/defaults/main.yml b/roles/openshift/secret-file/defaults/main.yml
index bae6245ab2..20592a659f 100644
--- a/roles/openshift/secret-file/defaults/main.yml
+++ b/roles/openshift/secret-file/defaults/main.yml
@@ -1 +1,2 @@
 os_app: "{{app}}"
+ocp4: false
diff --git a/roles/openshift/secret-file/tasks/main.yml b/roles/openshift/secret-file/tasks/main.yml
index 8cf4f66dbb..49784111ae 100644
--- a/roles/openshift/secret-file/tasks/main.yml
+++ b/roles/openshift/secret-file/tasks/main.yml
@@ -23,4 +23,9 @@
 - name: Call `oc secrets new` on the copied file
   shell: oc -n {{os_app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{os_app}}/{{key}}
   register: create_out
-  when: secret_template.changed or secret_file.changed or secret_privatefile.changed
+  when: not ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed)
+
+- name: Call `oc create secret generic` on the copied file
+  shell: oc -n {{os_app}} create secret generic {{secret_name}} --from-file={{key}}=/etc/openshift_apps/{{os_app}}/{{key}}
+  register: create_out
+  when: ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed)