From 060d48e58b06b83515ea286b48f50fb547e531cd Mon Sep 17 00:00:00 2001
From: Sidhartha Premkumar <spremkum@redhat.com>
Date: Apr 17 2020 15:24:27 +0000
Subject: Make k8s variables env


---

diff --git a/roles/c3i/defaults/main.yml b/roles/c3i/defaults/main.yml
index 3741482..16b4f07 100644
--- a/roles/c3i/defaults/main.yml
+++ b/roles/c3i/defaults/main.yml
@@ -13,6 +13,13 @@ c3i_git_repo: https://pagure.io/{{ c3i_component }}.git
 # Main branch used for triggering post merge workflow.
 c3i_git_main_branch: master
 
+# Openshift connection
+c3i_ocp_token: "{{ lookup('file', '/run/secrets/kubernetes.io/serviceaccount/token', errors='ignore') | default(lookup('pipe', 'oc whoami -t'), true) }}"
+c3i_ocp_host: https://paas.psi.redhat.com
+c3i_ocp_verify_ssl: true
+c3i_ocp_namespace: "{{ lookup('file', '/run/secrets/kubernetes.io/serviceaccount/namespace', errors='ignore') | default(lookup('pipe', \"awk '/current-context/ {print $2}' ~/.kube/config | cut -f1 -d'/'\"), true) }}"
+
+
 # Path to dockerfile for Jenkins agent
 c3i_jenkins_agent_buildconfig_contextdir: .
 c3i_jenkins_agent_buildconfig_dockerfile: openshift/containers/jenkins-slave/Dockerfile
@@ -25,7 +32,7 @@ c3i_integration_test_custom_parameters: []
 # Email address for notification
 c3i_mail_address:
 # Path to Jenkinsfile snippet for premerge and postmerge workflow
-c3i_build_and_test_snippet: 
+c3i_build_and_test_snippet:
 # Path to Jenkinsfile snippet for integration tests used by promotion workflow
 c3i_integration_test_snippet:
 
@@ -89,12 +96,6 @@ c3i_messaging_provider: Red Hat UMB
 c3i_fedmsg_provider: fedmsg
 c3i_cloud_name: openshift
 
-# Openshift connection
-c3i_ocp_token: "{{ lookup('file', '/run/secrets/kubernetes.io/serviceaccount/token', errors='ignore') | default(lookup('pipe', 'oc whoami -t'), true) }}"
-c3i_ocp_host: https://paas.psi.redhat.com
-c3i_ocp_verify_ssl: true
-c3i_ocp_namespace: "{{ lookup('file', '/run/secrets/kubernetes.io/serviceaccount/namespace', errors='ignore') | default(lookup('pipe', \"awk '/current-context/ {print $2}' ~/.kube/config | cut -f1 -d'/'\"), true) }}"
-
 # Jenkins for Jenkinsfile validation - has to have read access for anonymous
 c3i_jenkins_master_validation: jenkins-c3i.cloud.paas.psi.redhat.com
 
diff --git a/roles/c3i/tasks/build.yml b/roles/c3i/tasks/build.yml
index c4e3fe9..fb6b785 100644
--- a/roles/c3i/tasks/build.yml
+++ b/roles/c3i/tasks/build.yml
@@ -1,9 +1,6 @@
 ---
 - name: Create service account {{ job_vars.name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: |
@@ -17,9 +14,6 @@
 
 - name: Create role binding {{ job_vars.name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: |
@@ -73,9 +67,6 @@
 
 - name: Build config {{ job_vars.name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: "{{ lookup('template', job_vars.template) }}"
diff --git a/roles/c3i/tasks/greenwave-promote-image.yml b/roles/c3i/tasks/greenwave-promote-image.yml
index e9b5310..51eda4c 100644
--- a/roles/c3i/tasks/greenwave-promote-image.yml
+++ b/roles/c3i/tasks/greenwave-promote-image.yml
@@ -5,9 +5,6 @@
 
 - name: Create service account {{ image_name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: |
@@ -20,9 +17,6 @@
 
 - name: Create role binding {{ image_name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: |
@@ -71,9 +65,6 @@
 
 - name: Build config for {{ image_name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: "{{ lookup('template', job_vars.template) }}"
diff --git a/roles/c3i/tasks/main.yml b/roles/c3i/tasks/main.yml
index e46a493..47e7cc5 100644
--- a/roles/c3i/tasks/main.yml
+++ b/roles/c3i/tasks/main.yml
@@ -1,21 +1,24 @@
 ---
-- name: Including jobs
-  include_tasks: proceed.yml
-  with_filetree: ../templates/jobs
-  loop_control:
-    loop_var: job_item
-  tags:
-    - validate
-- name: Load dockerfile for jenkins agent buildConfig
-  stat:
-    path: "{{ lookup('pipe', 'git rev-parse --show-toplevel') }}/{{ c3i_jenkins_agent_buildconfig_contextdir }}/{{ c3i_jenkins_agent_buildconfig_dockerfile }}"
-  register: build_config_dockerfile
-- name: Create jenkins agent buildConfig
-  k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
-    namespace: "{{ c3i_ocp_namespace }}"
-    state: present
-    definition: "{{ lookup('template', 'jenkins_agent_build_config.yml') }}"
-  when: build_config_dockerfile.stat.isreg
+- name: C3I Tasks/Main
+  block:
+    - name: Including jobs
+      include_tasks: proceed.yml
+      with_filetree: ../templates/jobs
+      loop_control:
+        loop_var: job_item
+      tags:
+        - validate
+    - name: Load dockerfile for jenkins agent buildConfig
+      stat:
+        path: "{{ lookup('pipe', 'git rev-parse --show-toplevel') }}/{{ c3i_jenkins_agent_buildconfig_contextdir }}/{{ c3i_jenkins_agent_buildconfig_dockerfile }}"
+      register: build_config_dockerfile
+    - name: Create jenkins agent buildConfig
+      k8s:
+        namespace: "{{ c3i_ocp_namespace }}"
+        state: present
+        definition: "{{ lookup('template', 'jenkins_agent_build_config.yml') }}"
+      when: build_config_dockerfile.stat.isreg
+  environment:
+    K8S_AUTH_API_KEY: "{{ c3i_ocp_token }}"
+    K8S_AUTH_HOST: "{{ c3i_ocp_host }}"
+    K8S_AUTH_VERIFY_SSL: "{{ c3i_ocp_verify_ssl }}"
diff --git a/roles/c3i/tasks/trigger-on-tag.yml b/roles/c3i/tasks/trigger-on-tag.yml
index 4a1adcd..abae7db 100644
--- a/roles/c3i/tasks/trigger-on-tag.yml
+++ b/roles/c3i/tasks/trigger-on-tag.yml
@@ -1,9 +1,6 @@
 ---
 - name: Create service account {{ job_vars.name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: |
@@ -17,9 +14,6 @@
 
 - name: Create role binding {{ job_vars.name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: |
@@ -70,9 +64,6 @@
 
 - name: Build config {{ job_vars.name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: "{{ lookup('template', job_vars.template) }}"
diff --git a/roles/c3i/tasks/trigger-update.yml b/roles/c3i/tasks/trigger-update.yml
index f40ecfa..098bb7e 100644
--- a/roles/c3i/tasks/trigger-update.yml
+++ b/roles/c3i/tasks/trigger-update.yml
@@ -3,9 +3,6 @@
 
 - name: Build config for trigger update for {{ job_vars_name }}
   k8s:
-    api_key: "{{ c3i_ocp_token }}"
-    host: "{{ c3i_ocp_host }}"
-    verify_ssl: "{{ c3i_ocp_verify_ssl }}"
     namespace: "{{ c3i_ocp_namespace }}"
     state: present
     definition: "{{ lookup('template', job_vars.template) }}"