Christian Berendt authored
Change-Id: I096971a0a69ff0fc29946fbdb70cf26ead922a8c
register_identity_providers.yml 9.42 KiB
---
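# Query Keystone (through the openstack CLI inside the "keystone" container)
# for the IDs of all attribute mappings that are currently registered. The raw
# output is stored in existing_mappings_register for the following tasks.
#
# Security notes:
# - The admin password is interpolated into the command line, and Ansible
#   includes that command line in the task result, so the result is kept out
#   of logs with no_log. This also censors error output; rerun with no_log
#   temporarily disabled when debugging a failure.
# - no_log does not hide the argument list from process listings on the host
#   while the command runs.
# - Every templated value goes through the `quote` filter so that whitespace
#   or quote characters in a value (a password in particular) cannot split or
#   merge command arguments.
#
# The command only reads state, so it must never report "changed".
- name: List configured attribute mappings (that can be used by IdPs)
  command: >
    docker exec -t keystone openstack
    --os-auth-url={{ openstack_auth.auth_url | quote }}
    --os-password={{ openstack_auth.password | quote }}
    --os-username={{ openstack_auth.username | quote }}
    --os-project-name={{ openstack_auth.project_name | quote }}
    --os-identity-api-version=3
    --os-interface {{ openstack_interface | quote }}
    --os-project-domain-name {{ openstack_auth.domain_name | quote }}
    --os-user-domain-name {{ openstack_auth.domain_name | quote }}
    --os-region-name {{ openstack_region_name | quote }}
    {% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert | quote }} {% endif %}
    mapping list -c ID --format value
  run_once: true
  become: true
  register: existing_mappings_register
  changed_when: false
  no_log: true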
# Turn the registered CLI output into a clean list of mapping IDs: one entry
# per output line, each with surrounding whitespace trimmed.
# NOTE(review): the trim presumably removes the carriage returns left by the
# TTY that `docker exec -t` allocates in the listing task - confirm.
- name: Register existing mappings
  set_fact:
    existing_mappings: >-
      {{ existing_mappings_register.stdout_lines | map('trim') | list }}
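# Delete every mapping found in Keystone whose ID is not the name of an entry
# in keystone_identity_mappings. This is destructive: mappings created outside
# of this configuration are removed whenever
# keystone_should_remove_attribute_mappings is enabled.
#
# Security / safety notes:
# - The gate variable is cast with `| bool` and checked first, so a string
#   such as "false" supplied on the command line cannot enable deletion, and
#   the membership test is skipped entirely when removal is disabled.
# - The admin password is part of the command line, which Ansible records in
#   the result of every loop iteration; no_log keeps it out of logs. The
#   per-item output (including which mapping was deleted) is censored as a
#   consequence.
# - no_log does not hide the argument list from process listings on the host
#   while the command runs.
# - Templated values, including the mapping ID read back from Keystone, are
#   passed through `quote` so they always stay a single argument.
- name: Remove unmanaged attribute mappings
  command: >
    docker exec -t keystone openstack
    --os-auth-url={{ openstack_auth.auth_url | quote }}
    --os-password={{ openstack_auth.password | quote }}
    --os-username={{ openstack_auth.username | quote }}
    --os-project-name={{ openstack_auth.project_name | quote }}
    --os-identity-api-version=3
    --os-interface {{ openstack_interface | quote }}
    --os-project-domain-name {{ openstack_auth.domain_name | quote }}
    --os-user-domain-name {{ openstack_auth.domain_name | quote }}
    --os-region-name {{ openstack_region_name | quote }}
    {% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert | quote }} {% endif %}
    mapping delete {{ item | quote }}
  run_once: true
  become: true
  no_log: true
  with_items: "{{ existing_mappings }}"
  when:
    - keystone_should_remove_attribute_mappings | bool
    - item not in (keystone_identity_mappings | map(attribute='name') | list)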
# For each entry in keystone_identity_providers, run the os_keystone_domain
# module through kolla_toolbox with the entry's openstack_domain as the
# domain name.
# NOTE(review): `auth` receives the whole openstack_auth mapping, which the
# CLI tasks in this file show to contain the admin password - confirm that
# kolla_toolbox keeps module_args out of task output and logs.
- name: Create unexisting domains
  kolla_toolbox:
    module_name: os_keystone_domain
    module_args:
      name: "{{ item.openstack_domain }}"
      auth: "{{ openstack_auth }}"
      region_name: "{{ openstack_region_name }}"
      endpoint_type: "{{ openstack_interface }}"
      cacert: "{{ openstack_cacert }}"
  with_items: "{{ keystone_identity_providers }}"
  run_once: true
  become: true
- name: Register attribute mappings in OpenStack
become: true
command: >
docker exec -t keystone openstack
--os-auth-url={{ openstack_auth.auth_url }}
--os-password={{ openstack_auth.password }}
--os-username={{ openstack_auth.username }}
--os-project-name={{ openstack_auth.project_name }}
--os-identity-api-version=3
--os-interface {{ openstack_interface }}
--os-project-domain-name {{ openstack_auth.domain_name }}
--os-user-domain-name {{ openstack_auth.domain_name }}
--os-region-name {{ openstack_region_name }}