78f29fdc5d
Some ID provider configurations do not require a certificate file. Change the logic to allow this, and update documentation accordingly. Change-Id: I2c34a6b5894402bbebeb3fb96768789bc3c7fe84
88 lines
2.8 KiB
YAML
88 lines
2.8 KiB
YAML
---
|
|
- name: Remove OpenID certificate and metadata files
|
|
become: true
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
file:
|
|
state: absent
|
|
path: "{{ item }}"
|
|
when:
|
|
- inventory_hostname in groups[keystone.group]
|
|
with_items:
|
|
- "{{ keystone_host_federation_oidc_metadata_folder }}"
|
|
- "{{ keystone_host_federation_oidc_idp_certificate_folder }}"
|
|
- "{{ keystone_host_federation_oidc_attribute_mappings_folder }}"
|
|
|
|
- name: Create OpenID configuration directories
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
file:
|
|
dest: "{{ item }}"
|
|
state: "directory"
|
|
mode: "0770"
|
|
become: true
|
|
with_items:
|
|
- "{{ keystone_host_federation_oidc_metadata_folder }}"
|
|
- "{{ keystone_host_federation_oidc_idp_certificate_folder }}"
|
|
- "{{ keystone_host_federation_oidc_attribute_mappings_folder }}"
|
|
when:
|
|
- inventory_hostname in groups[keystone.group]
|
|
|
|
- name: Copying OpenID Identity Providers metadata
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
become: true
|
|
copy:
|
|
src: "{{ item.metadata_folder }}/"
|
|
dest: "{{ keystone_host_federation_oidc_metadata_folder }}"
|
|
mode: "0660"
|
|
with_items: "{{ keystone_identity_providers }}"
|
|
when:
|
|
- item.protocol == 'openid'
|
|
- inventory_hostname in groups[keystone.group]
|
|
|
|
- name: Copying OpenID Identity Providers certificate
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
become: true
|
|
copy:
|
|
src: "{{ item.certificate_file }}"
|
|
dest: "{{ keystone_host_federation_oidc_idp_certificate_folder }}"
|
|
mode: "0660"
|
|
with_items: "{{ keystone_identity_providers }}"
|
|
when:
|
|
- item.protocol == 'openid'
|
|
- item.certificate_file is defined
|
|
- inventory_hostname in groups[keystone.group]
|
|
|
|
- name: Copying OpenStack Identity Providers attribute mappings
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
become: true
|
|
copy:
|
|
src: "{{ item.file }}"
|
|
dest: "{{ keystone_host_federation_oidc_attribute_mappings_folder }}/{{ item.file | basename }}"
|
|
mode: "0660"
|
|
with_items: "{{ keystone_identity_mappings }}"
|
|
when:
|
|
- inventory_hostname in groups[keystone.group]
|
|
|
|
- name: Setting the certificates files variable
|
|
become: true
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
find:
|
|
path: "{{ keystone_host_federation_oidc_idp_certificate_folder }}"
|
|
pattern: "*.pem"
|
|
register: certificates_path
|
|
when:
|
|
- inventory_hostname in groups[keystone.group]
|
|
|
|
- name: Setting the certificates variable
|
|
vars:
|
|
keystone: "{{ keystone_services['keystone'] }}"
|
|
set_fact:
|
|
keystone_federation_openid_certificate_key_ids: "{{ certificates_path.files | map(attribute='path') | map('regex_replace', '^.*/(.*)\\.pem$', '\\1#' + keystone_container_federation_oidc_idp_certificate_folder + '/\\1.pem') | list }}" # noqa 204
|
|
when:
|
|
- inventory_hostname in groups[keystone.group]
|