From ede16377d80e81f49b10544d53b192f00422ad72 Mon Sep 17 00:00:00 2001
From: Adam Miller <admiller@redhat.com>
Date: Thu, 5 Oct 2017 19:13:56 +0000
Subject: [PATCH] handle osbs custom build config for openshift 3.4.0+

Signed-off-by: Adam Miller <admiller@redhat.com>
---
 playbooks/groups/osbs-cluster.yml             |  7 +++++++
 roles/osbs-on-openshift/tasks/main.yml        | 21 +++++++++++++++++++
 .../templates/role-osbs-custom-build.yml.j2   | 10 +++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 roles/osbs-on-openshift/templates/role-osbs-custom-build.yml.j2

diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml
index 4487d97106..65ded34549 100644
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@@ -315,6 +315,13 @@
       when: env == "production"
     }
 
+  tasks:
+    - name: set custom build policy for koji builder in openshift for osbs
+    shell: "oadm policy add-role-to-user -n default osbs-custom-build {{ osbs_koji_prod_username }} && touch /etc/origin/koji-custom-build-policy-added"
+      args:
+        creates: "/etc/origin/koji-builder-policy-added"
+      when: env == "production"
+
 - name: Manage docker images and image stream
   hosts: osbs-masters[0]
   tags:
diff --git a/roles/osbs-on-openshift/tasks/main.yml b/roles/osbs-on-openshift/tasks/main.yml
index 9111bd7164..06edc3457d 100644
--- a/roles/osbs-on-openshift/tasks/main.yml
+++ b/roles/osbs-on-openshift/tasks/main.yml
@@ -113,6 +113,27 @@
   tags:
   - limitranges
 
+# Setup custom build role
+- name: copy custom build role
+  template:
+    src: role-osbs-custom-build.yml.j2
+    dest: "{{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-role-osbs-custom-build.yml"
+  environment: "{{ osbs_environment }}"
+  register: yaml_role
+  tags:
+  - oc
+
+- name: import custom build role
+  command: >
+    oc replace
+    --namespace={{ osbs_namespace }}
+    --force=true
+    --filename={{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-role-osbs-custom-build.yml
+  environment: "{{ osbs_environment }}"
+  when: yaml_role.changed
+  tags:
+  - oc
+
 - include: yum_proxy.yml
   when: osbs_yum_proxy_image is defined
 
diff --git a/roles/osbs-on-openshift/templates/role-osbs-custom-build.yml.j2 b/roles/osbs-on-openshift/templates/role-osbs-custom-build.yml.j2
new file mode 100644
index 0000000000..7beaba0ec7
--- /dev/null
+++ b/roles/osbs-on-openshift/templates/role-osbs-custom-build.yml.j2
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Role
+metadata:
+  name: osbs-custom-build
+  namespace: {{ osbs_namespace }}
+rules:
+  - verbs:
+    - create
+    resources:
+    - builds/custom
\ No newline at end of file