---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Create default domain
  os_keystone_domain:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    name: default

- name: Create admin and service projects
  include_tasks: projects.yml
  vars:
    batched_tripleo_keystone_resources_projects:
      - admin
      - service

- name: Create admin role
  os_keystone_role:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    name: admin

- name: Create _member_ role
  os_keystone_role:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    name: _member_
  when:
    - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)

- name: Create admin user
  no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}"
  os_user:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    name: admin
    password: "{{ tripleo_keystone_resources_admin_password }}"
    update_password: always
    email: "admin@localhost"
    domain: default

- name: Assign admin role to admin project for admin user
  os_user_role:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    user: admin
    project: admin
    role: admin

- name: Assign _member_ role to admin project for admin user
  os_user_role:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    user: admin
    project: admin
    role: '_member_'
  when:
    - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)

- name: Create identity service
  os_keystone_service:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    name: keystone
    service_type: identity

- name: Create identity public endpoint
  os_keystone_endpoint:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    service: keystone
    url: "{{ tripleo_keystone_resources_public_endpoint }}"
    endpoint_interface: public
    region: "{{ tripleo_keystone_resources_region }}"

- name: Create identity internal endpoint
  os_keystone_endpoint:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    service: keystone
    url: "{{ tripleo_keystone_resources_internal_endpoint }}"
    endpoint_interface: internal
    region: "{{ tripleo_keystone_resources_region }}"

- name: Create identity admin endpoint
  os_keystone_endpoint:
    cloud: "{{ tripleo_keystone_resources_cloud_name }}"
    service: keystone
    url: "{{ tripleo_keystone_resources_admin_endpoint }}"
    endpoint_interface: admin
    region: "{{ tripleo_keystone_resources_region }}"