---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Generate the keystone system user ssh key
  user:
    name: "{{ keystone_system_user_name }}"
    generate_ssh_key: "yes"
  delegate_to: "{{ item }}"
  with_items: "{{ ansible_play_hosts }}"
  when: "inventory_hostname == ansible_play_hosts[0]"

- name: Retrieve default configuration files
  uri:
    url: "{{ item }}"
    return_content: yes
  with_items:
    - "{{ keystone_git_config_lookup_location }}/{{ keystone_paste_git_file_path }}"
    - "{{ keystone_git_config_lookup_location }}/{{ keystone_sso_callback_git_file_path }}"
  register: _git_file_fetch

- name: Copy keystone configuration files
  config_template:
    content: "{{ item.content | default(omit) }}"
    src: "{{ item.src | default(omit) }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "{{ keystone_system_group_name }}"
    mode: "0640"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  with_items:
    - src: "keystone.conf.j2"
      dest: "/etc/keystone/keystone.conf"
      config_overrides: "{{ keystone_keystone_conf_overrides }}"
      config_type: "ini"
    - dest: "/etc/keystone/keystone-paste.ini"
      config_overrides: "{{ keystone_keystone_paste_ini_overrides }}"
      config_type: "ini"
      content: "{{ keystone_paste_user_content | default(keystone_paste_default_content, true) }}"
    - dest: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
      config_overrides: "{{ keystone_policy_overrides }}"
      config_type: "json"
      content: "{{ keystone_policy_user_content | default('{}', true) }}"
  notify:
    - Manage LB
    - Restart uWSGI
    - Restart web server

- name: Copy Keystone Federation SP SSO callback template
  copy:
    content: "{{ keystone_sso_callback_user_content | default(keystone_sso_callback_default_content, true) }}"
    dest: "/etc/keystone/sso_callback_template.html"
    owner: "{{ keystone_system_user_name }}"
    group: "{{ keystone_system_group_name }}"
    mode: "0644"
  when:
    - keystone_idp != {}
  notify:
    - Manage LB
    - Restart uWSGI
    - Restart web server

- name: Clean up Keystone Federation SP SSO callback template
  file:
    path: "/etc/keystone/sso_callback_template.html"
    state: absent
  when:
    - keystone_idp == {}
  notify:
    - Manage LB
    - Restart uWSGI
    - Restart web server