commit de518bdabc6d396819701b36ac5540546a7fb018
author Andrey Shestakov <ashestakov@mirantis.com> Wed Mar 21 15:49:38 2018 +0200
committer Andrey Shestakov <ashestakov@mirantis.com> Wed Mar 21 15:49:38 2018 +0200
tree 73a15bab4c438a0b5fe9e3532af85ea41a4f7815
parent 16dc032a774c45e888db8e73c9b3e9bbd4bcdb59

Fix Role creation.

Change-Id: I257b378a44322f8abaa8a34228b5193b5813002a

kubernetes/control/role.sls

diff --git a/kubernetes/control/role.sls b/kubernetes/control/role.sls
index 8899eb8..305ebb2 100644
--- a/kubernetes/control/role.sls
+++ b/kubernetes/control/role.sls
@@ -11,9 +11,8 @@
     {%- set role_kind = 'ClusterRole' %}
   {%- endif %}
 
-  {%- if role.enabled|default(True) %}
-
-    {%- if role.get('rules') %}
+  {%- if role.get('rules') %}
+    {%- if role.enabled|default(True) %}
 /srv/kubernetes/roles/{{ role_name }}/{{ role_name }}-role.yml:
   file.managed:
   - source: salt://kubernetes/files/role.yml
@@ -25,15 +24,35 @@
       role_name: {{ role_name }}
       role_kind: {{ role_kind }}
       role: {{ role|yaml }}
+
+kubernetes_role_create_{{ role_name }}:
+  cmd.run:
+    - name: kubectl apply -f /srv/kubernetes/roles/{{ role_name }}/{{ role_name }}-role.yml
+    {%- if grains.get('noservices') %}
+    - onlyif: /bin/false
+    {%- endif %}
+    - require:
+      - file: /srv/kubernetes/roles/{{ role_name }}/{{ role_name }}-role.yml
+
+    {%- else %}
+
+kubernetes_role_delete_{{ role_name }}:
+  cmd.run:
+    - name: kubectl delete {{ role_kind }} {{ role_name }}
+    - onlyif: kubectl get {{ role_kind }} -o=custom-columns=NAME:.metadata.name | grep -v NAME | grep "{{ role_name }}"
+
+    {%- endif %}
+  {%- endif %}
+
+  {%- for binding_name, binding in role.get('binding', {}).items() %}
+    {%- set binding_name = binding.name|default(binding_name) %}
+    {%- if binding.get('namespace') or binding.get('kind') == 'RoleBinding' %}
+      {%- set binding_kind = 'RoleBinding' %}
+    {%- else %}
+      {%- set binding_kind = 'ClusterRoleBinding' %}
     {%- endif %}
 
-    {%- for binding_name, binding in role.get('binding', {}).items() %}
-      {%- set binding_name = binding.name|default(binding_name) %}
-      {%- if binding.get('namespace') or binding.get('kind') == 'RoleBinding' %}
-        {%- set binding_kind = 'RoleBinding' %}
-      {%- else %}
-        {%- set binding_kind = 'ClusterRoleBinding' %}
-      {%- endif %}
+    {%- if role.enabled|default(True) %}
 
 /srv/kubernetes/roles/{{ role_name }}/{{ binding_name }}-rolebinding.yml:
   file.managed:
@@ -50,7 +69,22 @@
       binding_kind: {{ binding_kind }}
       binding: {{ binding|yaml }}
 
-    {%- endfor %}
+kubernetes_rolebinding_create_{{ role_name }}_{{ binding_name }}:
+  cmd.run:
+    - name: kubectl apply -f /srv/kubernetes/roles/{{ role_name }}/{{ binding_name }}-rolebinding.yml
+    {%- if grains.get('noservices') %}
+    - onlyif: /bin/false
+    {%- endif %}
+    - require:
+      - file: /srv/kubernetes/roles/{{ role_name }}/{{ binding_name }}-rolebinding.yml
 
-  {%- endif %}
+    {%- else %}
+
+kubernetes_rolebinding_delete_{{ role_name }}_{{ binding_name }}:
+  cmd.run:
+    - name: kubectl delete {{ binding_kind }} {{ binding_name }}
+    - onlyif: kubectl get {{ binding_kind }} -o=custom-columns=NAME:.metadata.name | grep -v NAME | grep "{{ binding_name }}"
+
+    {%- endif %}
+  {%- endfor %}
 {%- endfor %}