From 60a052318e938ff9c5a6762edc0912d070e9c389 Mon Sep 17 00:00:00 2001
From: Lars Kellogg-Stedman
Date: Fri, 28 Feb 2020 14:52:18 -0500
Subject: [PATCH] patch keystone trusted_dashboard setting we need to update keystone's trusted_dashboard setting post deployment because puppet-keystone does not support multi-valued options
---
 playbooks/postdeploy.yml | 8 ++++++--
 .../files/keystone-conf-trusted_dashboard.patch | 15 +++++++++++++++
 playbooks/roles/patch_keystone/handlers/main.yml | 3 +++
 .../tasks/patch_trusted_dashboard.yml | 15 +++++++++++++++
 4 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/roles/patch_keystone/files/keystone-conf-trusted_dashboard.patch
 create mode 100644 playbooks/roles/patch_keystone/handlers/main.yml
 create mode 100644 playbooks/roles/patch_keystone/tasks/patch_trusted_dashboard.yml
diff --git a/playbooks/postdeploy.yml b/playbooks/postdeploy.yml
index 85247b6..90539e4 100644
--- a/playbooks/postdeploy.yml
+++ b/playbooks/postdeploy.yml
@@ -1,3 +1,7 @@
 ---
-- import_playbook: fetch-overcloud-credentials.yml
-- import_playbook: create-overcloud-resources.yml
+- hosts: controller
+ tasks:
+ - name: patch keystone trusted_dashboard
+ include_role:
+ name: patch_keystone
+ tasks_from: patch_trusted_dashboard.yml
diff --git a/playbooks/roles/patch_keystone/files/keystone-conf-trusted_dashboard.patch b/playbooks/roles/patch_keystone/files/keystone-conf-trusted_dashboard.patch
new file mode 100644
index 0000000..489e1d4
--- /dev/null
+++ b/playbooks/roles/patch_keystone/files/keystone-conf-trusted_dashboard.patch
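Review bot: In playbooks/postdeploy.yml the two `import_playbook` lines are deleted rather than kept next to the new play, so a post-deploy run no longer imports fetch-overcloud-credentials.yml or create-overcloud-resources.yml, while the commit message describes only the keystone patch. If that removal is not intended, keep `- import_playbook: fetch-overcloud-credentials.yml` and `- import_playbook: create-overcloud-resources.yml` after the new `hosts: controller` play. The play also sets no `become`, although the included task edits files under /var/lib/config-data and the handler runs `docker restart`; presumably privilege escalation is configured elsewhere, but that is worth confirming.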
@@ -0,0 +1,15 @@
+--- keystone.conf 2020-02-21 13:22:40.532273711 -0500
++++ /var/lib/config-data-backup/keystone/etc/keystone/keystone.conf 2020-02-14 11:16:36.848923953 -0500
+@@ -978,9 +978,11 @@
+ # configuration option may be repeated for multiple values. You must set this
+ # in order to use web-based SSO flows. For example:
+ # trusted_dashboard=https://acme.example.com/auth/websso
+-trusted_dashboard=http://onboarding.massopen.cloud/auth/websso/
+ # trusted_dashboard=https://beta.example.com/auth/websso (multi valued)
+ #trusted_dashboard =
++trusted_dashboard=http://onboarding.massopen.cloud/auth/websso/
++trusted_dashboard=https://onboarding.massopen.cloud/auth/websso/
++trusted_dashboard=https://kaizen.massopen.cloud/dashboard/auth/websso/
+ 
+ # Absolute path to an HTML file used as a Single Sign-On callback handler. This
+ # page is expected to redirect the user from keystone back to a trusted
diff --git a/playbooks/roles/patch_keystone/handlers/main.yml b/playbooks/roles/patch_keystone/handlers/main.yml
new file mode 100644
index 0000000..90f8003
--- /dev/null
+++ b/playbooks/roles/patch_keystone/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart keystone
+ command: docker restart keystone
diff --git a/playbooks/roles/patch_keystone/tasks/patch_trusted_dashboard.yml b/playbooks/roles/patch_keystone/tasks/patch_trusted_dashboard.yml
new file mode 100644
index 0000000..1058bcd
--- /dev/null
+++ b/playbooks/roles/patch_keystone/tasks/patch_trusted_dashboard.yml
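Review bot: The keystone.conf that results from keystone-conf-trusted_dashboard.patch still lists `trusted_dashboard=http://onboarding.massopen.cloud/auth/websso/` next to the new https entry for the same host. Keystone accepts WebSSO requests from every origin in this list and hands the resulting token back to that origin, so a plain-http entry allows the token to cross the network unencrypted. Unless the http endpoint is still required during a migration, drop that line and keep only the two `https://` values. If it has to stay, a comment in the role saying why and until when would help the next reader.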
@@ -0,0 +1,15 @@
+---
+- name: patch keystone trusted_dashboard
+ tags: [keystone]
+ command: >-
+ patch {{ patch_args|default('') }} -r - --batch --forward {{ item }}
+ args:
+ stdin: >-
+ {{ lookup('file', 'keystone-conf-trusted_dashboard.patch') }}
+ register: result
+ changed_when: result.rc == 0
+ failed_when: result.rc != 0 and 'previously applied' not in result.stdout
+ loop:
+ - /var/lib/config-data/keystone/etc/keystone/keystone.conf
+ - /var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf
+ notify: restart keystone
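Review bot: The `failed_when` test in patch_trusted_dashboard.yml depends on the English text `previously applied` in patch's output, so on a controller whose locale makes patch print translated messages, a re-run against an already patched file would be reported as a failure. Pinning the locale on the task keeps the check stable: add `environment:` with `LC_ALL: C` to the task. A short comment above `failed_when` would also help, explaining that with `--forward` a non-zero exit plus this message means the hunk is already in place, and that `-r -` discards reject files so a failed hunk leaves no .rej file to inspect.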