From 33452ed8f9c371bb2337066f7e2bf45c8d9f3ccc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Tue, 20 Oct 2020 11:21:29 +0200
Subject: [PATCH] IPA: set the expiration date for the admin user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipa/server/tasks/main.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 8a786a5bac..7f7129dc38 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -159,6 +159,19 @@
   - ipa/server
   - config
 
+- name: Set the expiration date for the admin user
+  ipauser:
+    name: admin
+    password: "{{ ipa_admin_password }}"
+    # Password expiration date will be a Friday 13th in 30 years. I'm sure we'll remember that.
+    passwordexpiration: "2050-05-13 00:00:00"
+    update_password: on_create
+    ipaadmin_password: "{{ ipa_admin_password }}"
+  tags:
+  - ipa/server
+  - config
+  when: ipa_initial
+
 - name: Get admin ticket
   shell: echo "{{ipa_admin_password}}" | kinit admin
   tags:
@@ -347,6 +360,9 @@
 - name: Register the proper noggin admin password
   set_fact:
     noggin_password: "{{ (env == 'production')|ternary(noggin_admin_password, noggin_stg_admin_password) }}"
+  tags:
+  - ipa/server
+  - config
 
 - name: Create noggin user
   ipa_user: