diff --git a/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml b/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml index b07fcd8..65b10d7 100644 --- a/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml +++ b/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml @@ -10,15 +10,24 @@ name: shiftstack.stages.prepare tasks_from: app_creds.yml -- name: Rotate OpenShift Cloud Credentials +- name: Create clouds.yaml copy with cloud renamed for OCP secret ansible.builtin.shell: | set -o pipefail && \ - cat {{ clouds_yaml_file_path }} | sed 's/{{ user_cloud }}:/openstack:/' | \ - oc set data -n kube-system secret/openstack-credentials clouds.yaml=- + cat {{ clouds_yaml_file_path }} | sed '/^---$/d' | sed 's/{{ user_cloud }}:/openstack:/' > /tmp/clouds_for_ocp.yaml + changed_when: false + +- name: Rotate OpenShift Cloud Credentials + ansible.builtin.shell: | + oc set data -n kube-system secret/openstack-credentials clouds.yaml="$(cat /tmp/clouds_for_ocp.yaml)" environment: KUBECONFIG: "{{ kubeconfig }}" changed_when: true +- name: Clean up temporary file + ansible.builtin.file: + path: /tmp/clouds_for_ocp.yaml + state: absent + - name: Get OpenStack Credentials from OCP cluster ansible.builtin.shell: | set -o pipefail && \