---
argument_specs:
  main:
    short_description: Create an OpenShift ServiceAccount with scoped ClusterRole
    description:
      - Creates a ServiceAccount, ClusterRole, ClusterRoleBinding, and a
        long-lived token Secret. The token is registered as
        __ocp_service_account_token for downstream use.
    options:
      ocp_service_account_name:
        description: Name for the ServiceAccount, ClusterRole, and ClusterRoleBinding.
        type: str
        required: true
      ocp_service_account_namespace:
        description: Namespace where the ServiceAccount and token Secret are created.
        type: str
        required: true
      ocp_service_account_cluster_role_rules:
        description: >-
          List of RBAC policy rules for the ClusterRole.
          Each item follows the Kubernetes PolicyRule schema
          (apiGroups, resources, verbs).
        type: list
        elements: dict
        required: true
      ocp_service_account_create_namespace:
        description: Whether to create the namespace if it does not exist.
        type: bool
        default: true