From 47a647c335827bc8cdc677b5723902c244585673 Mon Sep 17 00:00:00 2001
From: Milana Levy
Date: Thu, 5 Dec 2024 15:29:15 +0200
Subject: [PATCH] Add hook file for federation configuration
Add hook file for federation configuration
---
 ...OpenStackControlPlane-federationPatch.yaml | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 hooks/playbooks/OpenStackControlPlane-federationPatch.yaml
diff --git a/hooks/playbooks/OpenStackControlPlane-federationPatch.yaml b/hooks/playbooks/OpenStackControlPlane-federationPatch.yaml
new file mode 100644
index 0000000000..c645e2cdaf
--- /dev/null
+++ b/hooks/playbooks/OpenStackControlPlane-federationPatch.yaml
@@ -0,0 +1,49 @@
+---
+- name: Create kustomization to update Keystone to use Federation
+ hosts: "{{ cifmw_target_hook_host | default('localhost') }}"
+ tasks:
+ - name: Create file to customize keystone for Federation resources deployed in the control plane
+ ansible.builtin.copy:
+ dest: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/controlplane/keystone_federation.yaml"
+ content: |-
+ apiVersion: kustomize.config.k8s.io/v1beta1
+ kind: Kustomization
+ resources:
+ - namespace: {{ namespace }}
+ patches:
+ - target:
+ kind: OpenStackControlPlane
+ name: .*
+ patch: |-
+ - op: add
+ path: /spec/tls/caBundleSecretName
+ value: keycloakca
+ - op: add
+ path: /spec/keystone/template/oidcFederation
+ value:
+ keystoneFederationIdentityProviderName: "{{ cifmw_keystone_OIDC_provider_name }}"
+ oidcCacheType: "{{ cifmw_keystone_OIDC_CacheType }}"
+ oidcClaimDelimiter: "{{ cifmw_keystone_OIDC_ClaimDelimiter }}"
+ oidcClaimPrefix: "{{ cifmw_keystone_OIDC_ClaimPrefix }}"
+ oidcClientID: "{{ cifmw_keystone_OIDC_ClientID }}"
+ oidcIntrospectionEndpoint: "{{ cifmw_keystone_OIDC_IntrospectionEndpoint }}"
+ oidcMemCacheServers: "{{ cifmw_keystone_OIDC_MemCacheServers }}"
+ oidcPassClaimsAs: "{{ cifmw_keystone_OIDC_PassClaimsAs }}"
+ oidcPassUserInfoAs: "{{ cifmw_keystone_OIDC_PassUserInfoAs }}"
+ oidcProviderMetadataURL: "{{ cifmw_keystone_OIDC_ProviderMetadataURL }}"
+ oidcResponseType: "{{ cifmw_keystone_OIDC_ResponseType }}"
+ oidcScope: "{{ cifmw_keystone_OIDC_Scope }}"
+ remoteIDAttribute: "{{ cifmw_keystone_OIDC_remoteIDAttribute }}"
+
+ - name: Add Keycloak CA secret
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ type: Opaque
+ metadata:
+ name: keycloakca
+ namespace: "openstack"
+ data:
+ KeyCloakCA: "{{ keycloakCaCert }}"
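Review bot: The Keycloak CA Secret is created in the hard-coded namespace `"openstack"` while the kustomization targets the OpenStackControlPlane in `{{ namespace }}`; when those differ, `/spec/tls/caBundleSecretName: keycloakca` points at a Secret the operator cannot resolve, so the secret task should use `namespace: "{{ namespace }}"` to keep the two in step. Two further caveats on the same task: `data:` requires base64-encoded values, so `keycloakCaCert` must already be encoded (otherwise use `stringData:` or `"{{ keycloakCaCert | b64encode }}"`), and a JSON-Patch `add` on an existing `caBundleSecretName` replaces it, so any CA bundle the control plane already references would be silently swapped for this single-CA secret. The key name `KeyCloakCA` inside the Secret is presumably what the keystone operator expects for a CA bundle — worth confirming against the operator's schema, since a mismatched key yields a bundle that is present but never loaded.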