From 36d69fc4da75335b2aff3db38d096cd7950ec81c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Fri, 1 Dec 2017 14:17:35 +0100
Subject: [PATCH] create a new playbook to handle OCP Access Control

---
 playbooks/configure-openshift-access-control.yml | 8 ++++++++
 playbooks/site.yml                               | 2 ++
 2 files changed, 10 insertions(+)
 create mode 100644 playbooks/configure-openshift-access-control.yml

diff --git a/playbooks/configure-openshift-access-control.yml b/playbooks/configure-openshift-access-control.yml
new file mode 100644
index 0000000..003c0f4
--- /dev/null
+++ b/playbooks/configure-openshift-access-control.yml
@@ -0,0 +1,8 @@
+---
+
+  - name: Configure the OpenShift Access Control Layer
+    hosts: itix
+    become: yes
+    tasks:
+    - name: Remove authenticated users the right to create projects
+      command: oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth
diff --git a/playbooks/site.yml b/playbooks/site.yml
index a9e5e35..fb4afd3 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -8,3 +8,5 @@
   - include: "./openshift-ansible/playbooks/byo/config.yml"
 
   - include: "post-install.yml"
+
+  - include: "configure-openshift-access-control.yml"