openstack/tripleo-ansible
Code Issues Proposed changes
a930407217
tripleo-ansible/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml
Kevin Carter 8cc51067d8 Add toggle for sensitive data within keystone 
This change will allow deployers to expose sensitive data as needed. 

> This change also fixes the tests for keystone. The role test was
  broken because the use of test-deps needed to be updated for the new
  repo layout.

Change-Id: I200efe00b735a17a996fbfe64e3f0f4d4c813f73
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2020-06-10 02:12:06 +00:00

96 lines
3.0 KiB
YAML
Raw Blame History

---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Create default domain
os_keystone_domain:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: default
- name: Create admin and service projects
include_tasks: projects.yml
vars:
batched_tripleo_keystone_resources_projects:
- admin
- service
- name: Create admin role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: admin
- name: Create _member_ role
os_keystone_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: _member_
when:
- keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)
- name: Create admin user
no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}"
os_user:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: admin
password: "{{ tripleo_keystone_resources_admin_password }}"
update_password: always
email: "admin@localhost"
domain: default
- name: Assign admin role to admin project for admin user
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: admin
project: admin
role: admin
- name: Assign _member_ role to admin project for admin user
os_user_role:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
user: admin
project: admin
role: '_member_'
when:
- keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)
- name: Create identity service
os_keystone_service:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
name: keystone
service_type: identity
- name: Create identity public endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_public_endpoint }}"
endpoint_interface: public
region: "{{ tripleo_keystone_resources_region }}"
- name: Create identity internal endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_internal_endpoint }}"
endpoint_interface: internal
region: "{{ tripleo_keystone_resources_region }}"
- name: Create identity admin endpoint
os_keystone_endpoint:
cloud: "{{ tripleo_keystone_resources_cloud_name }}"
service: keystone
url: "{{ tripleo_keystone_resources_admin_endpoint }}"
endpoint_interface: admin
region: "{{ tripleo_keystone_resources_region }}"
View Git Blame Copy Permalink