---
- import_role:
    name: service-ks-register
  vars:
    service_ks_register_auth: "{{ openstack_magnum_auth }}"
    service_ks_register_services: "{{ magnum_ks_services }}"
    service_ks_register_users: "{{ magnum_ks_users }}"

- name: Creating Magnum trustee domain
  become: true
  kolla_toolbox:
    container_engine: "{{ kolla_container_engine }}"
    module_name: "os_keystone_domain"
    module_args:
      name: "{{ magnum_trustee_domain }}"
      description: "Owns users and projects created by magnum"
      auth: "{{ openstack_magnum_auth }}"
      endpoint_type: "{{ openstack_interface }}"
      cacert: "{{ openstack_cacert }}"
      region_name: "{{ openstack_region_name }}"
  register: trustee_domain
  run_once: True

- name: Creating Magnum trustee user
  become: true
  kolla_toolbox:
    container_engine: "{{ kolla_container_engine }}"
    module_name: "os_user"
    module_args:
      name: "{{ magnum_trustee_domain_admin }}"
      domain: "{{ magnum_trustee_domain }}"
      password: "{{ magnum_keystone_password }}"
      update_password: "{{ 'always' if update_keystone_service_user_passwords | bool else 'on_create' }}"
      auth: "{{ openstack_magnum_auth }}"
      endpoint_type: "{{ openstack_interface }}"
      cacert: "{{ openstack_cacert }}"
      region_name: "{{ openstack_region_name }}"
  run_once: True

- name: Creating Magnum trustee user role
  become: true
  kolla_toolbox:
    container_engine: "{{ kolla_container_engine }}"
    module_name: "os_user_role"
    module_args:
      domain: "{{ trustee_domain.domain.id }}"
      user: "{{ magnum_trustee_domain_admin }}"
      role: "admin"
      auth: "{{ openstack_magnum_auth }}"
      endpoint_type: "{{ openstack_interface }}"
      cacert: "{{ openstack_cacert }}"
      region_name: "{{ openstack_region_name }}"
  run_once: True
  when: not ansible_check_mode