From b43bb87352c5c3bb073764f50f9da94dbf91f876 Mon Sep 17 00:00:00 2001
From: Mauricio Harley
Date: Thu, 24 Apr 2025 14:37:13 +0000
Subject: [PATCH] Enabling support for Thales Luna user id and group id.

The new client software version requires the use of a specific group called "hsmusers", and for consistency reasons, we are specifying both, the user id and the group id, and inserting the Barbican username inside of such a group.

Change-Id: Ibf1dd3fbebbf0c1f1ed0d14f3afe65f388367bbe
Signed-off-by: Mauricio Harley
---
 defaults/main.yaml | 2 ++
 tasks/register_client.yaml | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/defaults/main.yaml b/defaults/main.yaml
index b28987c..a5f2ecf 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -2,3 +2,5 @@
 lunasa_client_working_dir: /tmp/lunasa_client_install
 lunasa_client_rotate_cert: false
 lunasa_ha_label: myHAgroup
+lunasa_user_id: 42493
+lunasa_group_id: 42493
diff --git a/tasks/register_client.yaml b/tasks/register_client.yaml
index bc62f96..7b00f85 100644
--- a/tasks/register_client.yaml
+++ b/tasks/register_client.yaml
@@ -3,6 +3,18 @@
 ansible.builtin.debug:
 msg: "Registering client: {{ client_name }} [host: {{ client_host }}, CN: {{ client_cert_cn }}] with HSM: {{ hsm_hostname }}"

+- name: Create hsmusers group
+ ansible.builtin.group:
+ name: hsmusers
+ gid: "{{ lunasa_group_id }}"
+
+- name: Create hsmusers user
+ ansible.builtin.user:
+ name: hsmusers
+ uid: "{{ lunasa_user_id }}"
+ group: "{{ lunasa_group_id }}"
+ create_home: false
+
 - name: Get the hsm server cert from the hsm_server
 ansible.builtin.shell: >
 sshpass -p '{{ hsm_admin_password }}'
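Review bot: The `Create hsmusers user` task in tasks/register_client.yaml leaves the new account with the module defaults, so it is created as a regular user with the distribution's default login shell even though it only exists to own the HSM client files; adding `system: true` and `shell: /usr/sbin/nologin` (or the distribution's equivalent) to the `ansible.builtin.user` block would keep it from being a login account. The commit message also says the Barbican username is inserted into the `hsmusers` group, but nothing in this hunk or in the defaults hunk does that — if it is not handled elsewhere, a follow-up `ansible.builtin.user` task with `groups: hsmusers` and `append: true` for the Barbican account is still missing. `group: "{{ lunasa_group_id }}"` passes a numeric gid where the `group` parameter is documented as the primary group name; the module appears to resolve numeric gids, but `group: hsmusers` would read more clearly and tie the user directly to the group created in the task above. Since this file runs per client registration, the account and group creation are re-evaluated on every run; that is idempotent, but an install-time task file may be the more natural home.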