fix(barbican): create and add implied role creator (#909)
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/roles/barbican/meta/main.yml b/roles/barbican/meta/main.yml
index da38a2e..7d30196 100644
--- a/roles/barbican/meta/main.yml
+++ b/roles/barbican/meta/main.yml
@@ -30,6 +30,8 @@
dependencies:
- role: defaults
+ - role: openstacksdk
+ - role: openstack_cli
- role: openstack_helm_endpoints
vars:
openstack_helm_endpoints_chart: barbican
diff --git a/roles/barbican/tasks/main.yml b/roles/barbican/tasks/main.yml
index ea46932..8aebdae 100644
--- a/roles/barbican/tasks/main.yml
+++ b/roles/barbican/tasks/main.yml
@@ -30,3 +30,24 @@
openstack_helm_ingress_service_name: barbican-api
openstack_helm_ingress_service_port: 9311
openstack_helm_ingress_annotations: "{{ barbican_ingress_annotations }}"
+
+- name: Create creator role
+ openstack.cloud.identity_role:
+ cloud: atmosphere
+ state: present
+ name: creator
+
+- name: Add implied roles
+ run_once: true
+ ansible.builtin.shell: |
+ openstack implied role create \
+ --implied-role {{ item.implies }} \
+ {{ item.role }}
+ loop:
+ - role: member
+ implies: creator
+ environment:
+ OS_CLOUD: atmosphere
+ register: _octavia_implied_role_create
+ changed_when: _octavia_implied_role_create.rc == 0
+ failed_when: _octavia_implied_role_create.rc != 0 and 'Duplicate entry.' not in _octavia_implied_role_create.stderr
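Review bot: The `Add implied roles` task registers its result as `_octavia_implied_role_create` although this is the barbican role, which looks like a leftover from a copied task; using `_barbican_implied_role_create` in `register`, `changed_when` and `failed_when` keeps the name local to this role. Idempotence rests on the literal text `'Duplicate entry.'` appearing in stderr, so a change in the client or Keystone error wording would make every re-run fail; checking the output of `openstack implied role list` before creating the rule would be sturdier. Because the rule makes `member` imply `creator`, presumably wherever `member` is assigned, a comment above the task such as `# member implies creator: every project member gains Barbican's creator permissions` would record that this widening of privileges is deliberate. `Create creator role` also lacks the `run_once: true` that the second task carries.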