|
|
@ -118,8 +118,74 @@ |
|
|
namespace: stackrox |
|
|
namespace: stackrox |
|
|
stringData: |
|
|
stringData: |
|
|
token: '{{ apitoken_value }}' |
|
|
token: '{{ apitoken_value }}' |
|
|
|
|
|
endpoint: '{{ central_hostname }}:443' |
|
|
when: apitoken_value is defined |
|
|
when: apitoken_value is defined |
|
|
|
|
|
|
|
|
|
|
|
- name: Get secrets in the stackrox namespace |
|
|
|
|
|
kubernetes.core.k8s_info: |
|
|
|
|
|
api_version: v1 |
|
|
|
|
|
kind: Secret |
|
|
|
|
|
namespace: stackrox |
|
|
|
|
|
register: stackrox_secrets |
|
|
|
|
|
failed_when: stackrox_secrets.resources|length == 0 |
|
|
|
|
|
|
|
|
|
|
|
- set_fact: |
|
|
|
|
|
registry_reader_token: '{{ stackrox_secrets.resources | json_query(query) | first | b64decode }}' |
|
|
|
|
|
vars: |
|
|
|
|
|
query: > |
|
|
|
|
|
[?metadata.annotations."kubernetes.io/service-account.name" == `stackrox-registry-reader` && type == `kubernetes.io/service-account-token`].data.token |
|
|
|
|
|
|
|
|
|
|
|
- name: Find image registry integrations |
|
|
|
|
|
uri: |
|
|
|
|
|
url: '{{ acs_api }}/imageintegrations' |
|
|
|
|
|
validate_certs: '{{ validate_certs }}' |
|
|
|
|
|
url_username: admin |
|
|
|
|
|
url_password: '{{ central_admin_password }}' |
|
|
|
|
|
force_basic_auth: yes |
|
|
|
|
|
register: find_image_integrations_response |
|
|
|
|
|
changed_when: false |
|
|
|
|
|
|
|
|
|
|
|
- set_fact: |
|
|
|
|
|
image_integration_id: '{{ (find_image_integrations_response.json | json_query(query) | first).id }}' |
|
|
|
|
|
when: find_image_integrations_response.json | json_query(query) | count > 0 |
|
|
|
|
|
vars: |
|
|
|
|
|
query: integrations[?type == `docker` && docker.endpoint == `image-registry.openshift-image-registry.svc:5000`] |
|
|
|
|
|
|
|
|
|
|
|
- name: Create the image registry integration |
|
|
|
|
|
uri: |
|
|
|
|
|
url: '{{ acs_api }}/imageintegrations' |
|
|
|
|
|
method: POST |
|
|
|
|
|
status_code: "200" |
|
|
|
|
|
validate_certs: '{{ validate_certs }}' |
|
|
|
|
|
url_username: admin |
|
|
|
|
|
url_password: '{{ central_admin_password }}' |
|
|
|
|
|
body: '{{ integration }}' |
|
|
|
|
|
body_format: json |
|
|
|
|
|
force_basic_auth: yes |
|
|
|
|
|
register: create_image_integration_response |
|
|
|
|
|
changed_when: create_image_integration_response.status == 200 |
|
|
|
|
|
when: image_integration_id is not defined |
|
|
|
|
|
vars: |
|
|
|
|
|
integration: |
|
|
|
|
|
name: OpenShift Internal Registry |
|
|
|
|
|
autogenerated: false |
|
|
|
|
|
categories: |
|
|
|
|
|
- REGISTRY |
|
|
|
|
|
clusterId: "" |
|
|
|
|
|
docker: |
|
|
|
|
|
endpoint: image-registry.openshift-image-registry.svc:5000 |
|
|
|
|
|
insecure: true |
|
|
|
|
|
username: stackrox-registry-reader |
|
|
|
|
|
password: '{{ registry_reader_token }}' |
|
|
|
|
|
type: docker |
|
|
|
|
|
|
|
|
|
|
|
- set_fact: |
|
|
|
|
|
image_integration_id: '{{ create_image_integration_response.json.id }}' |
|
|
|
|
|
when: image_integration_id is not defined |
|
|
|
|
|
|
|
|
|
|
|
- debug: |
|
|
|
|
|
var: image_integration_id |
|
|
|
|
|
|
|
|
- name: Find signature integrations |
|
|
- name: Find signature integrations |
|
|
uri: |
|
|
uri: |
|
|
url: '{{ acs_api }}/signatureintegrations' |
|
|
url: '{{ acs_api }}/signatureintegrations' |
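Review bot: None of the added tasks that touch the registry-reader token set `no_log: true`, so at higher verbosity the registered `stackrox_secrets` result (every Secret in the `stackrox` namespace), the `registry_reader_token` fact and the POST `body` that carries it as `password` can land in Ansible output and job logs. I would add `no_log: true` to "Get secrets in the stackrox namespace", to the first `set_fact`, and to "Create the image registry integration"; the `debug` task only prints the integration id and can stay as it is. The lookup could also be narrowed so that fewer secrets are read in the first place, for example with `field_selectors: ['type=kubernetes.io/service-account-token']` on the `k8s_info` task. Separately, `insecure: true` in the integration body presumably disables TLS verification towards `image-registry.openshift-image-registry.svc:5000` while that token is presented, so it deserves either `insecure: false` (if Central trusts the service CA) or a comment saying why it is required. Finally, `failed_when` only checks that the namespace holds any Secret, so `json_query(query) | first` fails with an opaque error when no `stackrox-registry-reader` token secret exists; an explicit `assert` on the query result would give a clearer failure.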
|
|
|