Merge pull request #1447 from whereismyjetpack/template_known_users

Template out known_users.csv, optionally add groups
pull/1459/merge
Spencer Smith 2017-07-25 08:55:08 -04:00 committed by GitHub
commit 4a34514b21
3 changed files with 8 additions and 4 deletions

View File

@ -39,6 +39,7 @@ kube_cert_group: kube-cert
kube_log_level: 2 kube_log_level: 2
# Users to create for basic auth in Kubernetes API via HTTP # Users to create for basic auth in Kubernetes API via HTTP
# Optionally add groups for user
kube_api_pwd: "changeme" kube_api_pwd: "changeme"
kube_users: kube_users:
kube: kube:
@ -47,6 +48,8 @@ kube_users:
root: root:
pass: "{{kube_api_pwd}}" pass: "{{kube_api_pwd}}"
role: admin role: admin
# groups:
# - system:masters

View File

@ -27,12 +27,10 @@
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
- name: Populate users for basic auth in API - name: Populate users for basic auth in API
lineinfile: template:
src: known_users.csv.j2
dest: "{{ kube_users_dir }}/known_users.csv" dest: "{{ kube_users_dir }}/known_users.csv"
create: yes
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
backup: yes backup: yes
with_dict: "{{ kube_users }}"
when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true) when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
notify: set secret_changed notify: set secret_changed

View File

@ -0,0 +1,3 @@
{% for user in kube_users %}
{{kube_users[user].pass}},{{user}},{{kube_users[user].role}}{% if kube_users[user].groups is defined %},{% set groups_csv = kube_users[user].groups|join(',') -%}"{{groups_csv}}"{% endif %}
{% endfor %}