---
- hosts: undercloud, Controller
  vars:
    metadata:
      name: Verify that keystone admin token is disabled
      description: >
        This validation checks that keystone admin token is disabled on both
        undercloud and overcloud controller after deployment.
      groups:
      - post-deployment
    keystone_conf_file: "/var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf"
  tasks:
  - include_tasks: tasks/deprecation.yaml

  - name: Fetch token value
    become: true
    ini:
      path: "{{ keystone_conf_file }}"
      section: DEFAULT
      key: admin_token
      ignore_missing_file: True
    register: token_result

  - name: Check if token value is disabled.
    fail: msg="Keystone admin token is not disabled."
    when: token_result.value != None