From 457447431fe0c46e67b91717897e89fb971b753a Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Thu, 29 Oct 2020 17:54:19 +0000
Subject: [PATCH] Setup keystone sp/idp after db contract

This will fail if the db contract has not happened

Depends-On: https://review.opendev.org/760429
Change-Id: I0e6299a2b86015928b18558ae8de530b0796d8b1
---
 playbooks/os-keystone-install.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/playbooks/os-keystone-install.yml b/playbooks/os-keystone-install.yml
index 1b09019b7a..4ad41d0f5b 100644
--- a/playbooks/os-keystone-install.yml
+++ b/playbooks/os-keystone-install.yml
@@ -150,3 +150,19 @@
         value: "False"
       when:
         - "dbsync_contract is succeeded"
+
+# note(jrosser) this can only be done once the DB contract has completed so we must put it as
+# the last part of the keystone setup
+- name: SP/IDP setup
+  hosts: keystone_all
+  gather_facts: no
+  user: root
+  environment: "{{ deployment_environment_variables | default({}) }}"
+  vars_files:
+    - "defaults/{{ install_method }}_install.yml"
+  tags:
+    - keystone
+  roles:
+    - role: os_keystone
+      tasks_from: main_keystone_federation_sp_idp_setup.yml
+