---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Create the project if needed, assumed to be in default domain.
# In many cases this will be present but under some circumstances the project
# may be unique to Gnocchi, esp. when Swift is used for storage.
- name: Ensure Gnocchi project
  keystone:
    command: ensure_project
    project_name: "{{ gnocchi_service_project_name }}"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    description: "{{ gnocchi_service_project_description }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_project
  until: add_project|success
  retries: 5
  delay: 10
  no_log: True

# Create an admin user
- name: Ensure Gnocchi user
  keystone:
    command: "ensure_user"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    user_name: "{{ gnocchi_service_user_name }}"
    tenant_name: "{{ gnocchi_service_project_name }}"
    password: "{{ gnocchi_service_password }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_user
  until: add_user|success
  retries: 5
  delay: 10
  no_log: True

# Add a role to the user
- name: Ensure Gnocchi user maps to admin role
  keystone:
    command: "ensure_user_role"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    user_name: "{{ gnocchi_service_user_name }}"
    tenant_name: "{{ gnocchi_service_project_name }}"
    role_name: "{{ gnocchi_role_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
  register: add_admin_role
  until: add_admin_role|success
  retries: 5
  delay: 10
  no_log: True