From ceb97e5809504720f744b3538d95dc8a4e8f4f71 Mon Sep 17 00:00:00 2001
From: Erwan Miran <mirwan666@gmail.com>
Date: Wed, 29 Aug 2018 11:35:00 +0200
Subject: [PATCH] Fix wrong syntax for jinja sub list extraction and addition
 of missing role template

---
 .../local_volume_provisioner/tasks/main.yml       |  2 +-
 .../local-volume-provisioner-psp-role.yml.j2      | 15 +++++++++++++++
 roles/kubernetes-apps/registry/tasks/main.yml     |  2 +-
 3 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-psp-role.yml.j2

diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
index 448563922..070f4c00c 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
@@ -35,7 +35,7 @@
 
 - name: Local Volume Provisioner | Insert extra templates to Local Volume Provisioner templates list for PodSecurityPolicy
   set_fact:
-    local_volume_provisioner_templates: "{{ local_volume_provisioner_templates[:2] + local_volume_provisioner_templates_for_psp_not_system_ns + local_volume_provisioner_templates[3:] }}"
+    local_volume_provisioner_templates: "{{ local_volume_provisioner_templates[:2] + local_volume_provisioner_templates_for_psp_not_system_ns + local_volume_provisioner_templates[2:] }}"
   when:
     - podsecuritypolicy_enabled
     - local_volume_provisioner_namespace != "kube-system"
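Review bot: The insertion point in `local_volume_provisioner_templates[:2] + ... + local_volume_provisioner_templates[2:]` is a bare index into a list defined outside this hunk, so reordering or shortening that list silently moves where the PodSecurityPolicy role and binding templates land. A comment above the `set_fact` would tie the two together, for example `# PSP templates are inserted at index 2 of local_volume_provisioner_templates; keep in sync with that list's order`. The same applies to `registry_templates[:3] + registry_templates_for_psp + registry_templates[3:]` in roles/kubernetes-apps/registry/tasks/main.yml. That task is also named "Append extra templates" although the expression inserts at index 3 rather than at the end, so "Insert" would match the code.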
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-psp-role.yml.j2 b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-psp-role.yml.j2
new file mode 100644
index 000000000..40a530972
--- /dev/null
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/templates/local-volume-provisioner-psp-role.yml.j2
@@ -0,0 +1,15 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: psp:local-volume-provisioner
+  namespace: {{ local_volume_provisioner_namespace }}
+rules:
+  - apiGroups:
+    - policy
+    resourceNames:
+    - local-volume-provisioner
+    resources:
+    - podsecuritypolicies
+    verbs:
+    - use
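Review bot: `kind: ClusterRole` is a cluster-scoped object, so the `namespace: {{ local_volume_provisioner_namespace }}` line under `metadata` has no effect and makes the grant look namespace-limited when the object itself is not. Whether `use` on the `local-volume-provisioner` PodSecurityPolicy ends up confined to one namespace depends on the binding template, which is not part of this patch. If namespace scope is intended at this level, `kind: Role` would express it; otherwise drop the `namespace:` line. If the line stays, quoting it as `namespace: "{{ local_volume_provisioner_namespace }}"` keeps an empty or boolean-looking value from being retyped when the rendered YAML is parsed. The `resourceNames` restriction to a single named policy keeps the permission narrow and should stay.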
diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml
index 6272ef5fb..fd8cb82e3 100644
--- a/roles/kubernetes-apps/registry/tasks/main.yml
+++ b/roles/kubernetes-apps/registry/tasks/main.yml
@@ -27,7 +27,7 @@
 
 - name: Registry | Append extra templates to Registry Templates list for PodSecurityPolicy
   set_fact:
-    registry_templates: "{{ registry_templates[:3] + registry_templates_for_psp + registry_templates[4:] }}"
+    registry_templates: "{{ registry_templates[:3] + registry_templates_for_psp + registry_templates[3:] }}"
   when:
     - podsecuritypolicy_enabled
     - registry_namespace != "kube-system"
-- 
GitLab