From d9fa6611ae8e02b86376b5000e5e7ec86b1a6492 Mon Sep 17 00:00:00 2001
From: David Kirwan
Date: Mon, 29 Aug 2022 10:50:50 +0100
Subject: [PATCH] communishift: Add task to create namespace for communishift authorization operator Create IPA keytab for communishift authorization operator
Signed-off-by: David Kirwan
Signed-off-by: Lenka Segura
Signed-off-by: Patrik Polakovic
---
 playbooks/manual/communishift.yml | 8 +++-
 .../tasks/administration-tasks.yml | 2 +
 ...oy-communishift-authorization-operator.yml | 42 +++++++++++++++++++
 3 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 roles/communishift/tasks/administration-tasks.yml
 create mode 100644 roles/communishift/tasks/deploy-communishift-authorization-operator.yml
diff --git a/playbooks/manual/communishift.yml b/playbooks/manual/communishift.yml
index 406374974b..c88085d8c8 100644
--- a/playbooks/manual/communishift.yml
+++ b/playbooks/manual/communishift.yml
@@ -9,6 +9,13 @@
 - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 tasks:
+ - name: Communishift Role
+ include_role:
+ name: communishift
+ tasks_from: administration-tasks
+ apply:
+ tags:
+ - deploy-operators
 - name: Communishift Role
 with_items: "{{ communishift_projects }}"
 include_role:
@@ -22,6 +29,5 @@
 loop_control:
 loop_var: outer_item
 vars:
- ansible_python_interpreter: "/usr/bin/python"
 communishift_projects:
 - communishift-dev-test
diff --git a/roles/communishift/tasks/administration-tasks.yml b/roles/communishift/tasks/administration-tasks.yml
new file mode 100644
index 0000000000..6a2f48c346
--- /dev/null
+++ b/roles/communishift/tasks/administration-tasks.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: deploy-communishift-authorization-operator.yml
diff --git a/roles/communishift/tasks/deploy-communishift-authorization-operator.yml b/roles/communishift/tasks/deploy-communishift-authorization-operator.yml
new file mode 100644
index 0000000000..df8e33bbdc
--- /dev/null
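Review bot: The new include in playbooks/manual/communishift.yml carries `deploy-operators` only under `apply:` and, as far as the flattened indentation in this view shows, has no task-level `tags:`. `apply` tags only the tasks inside the role, and a dynamic `include_role` that is not itself tagged is skipped under `--tags deploy-operators`, so a tagged run would never reach the operator tasks. I'd add a task-level `tags:` with `- deploy-operators` alongside `include_role:`. The "Acquire a keytab" include in deploy-communishift-authorization-operator.yml looks like the mirror image (task-level `tags:` but no `apply:`), so the keytab/service tasks may be filtered out of a tagged run unless that role tags them itself. The play header and the rest of the task list are outside the hunk.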
+++ b/roles/communishift/tasks/deploy-communishift-authorization-operator.yml
@@ -0,0 +1,42 @@
+---
+- name: Create the CommunishiftAuthorization operator k8s namespace
+ community.okd.k8s:
+ api_key: "{{ communishift_ocp_api_token }}"
+ host: "{{ communishift_ocp_api_host }}"
+ name: "communishift-authorization-operator"
+ api_version: v1
+ kind: Namespace
+ state: present
+ tags:
+ - deploy-operators
+
+
+- name: Acquire a keytab
+ include_role:
+ name: keytab/service
+ vars:
+ kt_location: "/etc/openshift_apps/communishift-authorization/communishift-authorization-operator-keytab.kt"
+ service: "communishift-authorization-operator"
+ host: "{{ communishift_ocp_api_host }}"
+ tags:
+ - deploy-operators
+
+
+- name: Create the CommunishiftAuthorization operator k8s Secret
+ community.okd.k8s:
+ api_key: "{{ communishift_ocp_api_token }}"
+ host: "{{ communishift_ocp_api_host }}"
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: "communishift-keytab-secret"
+ namespace: "communishift-authorization-operator"
+ data:
+ communishift-authorization-keytab: "{{ communishift_authorization_keytab_file | b64encode }}"
+ vars:
+ communishift_authorization_keytab_file: "{{ lookup('file', '/etc/openshift_apps/communishift-authorization/communishift-authorization-operator-keytab.kt') }}"
+ tags:
+ - deploy-operators
+
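Review bot: The "Create the CommunishiftAuthorization operator k8s Secret" task has no `no_log: true`, so the base64 keytab placed in `definition.data` can appear in Ansible output at higher verbosity or in a failure result. The keytab is also read with `lookup('file', …)`, which runs on the control node, treats the file as text and strips trailing whitespace by default, so a binary keytab may not round-trip byte for byte. The path must also exist on the controller rather than wherever keytab/service wrote it (that role is not visible here). Reading the file with `slurp`, whose `content` is already base64, avoids both problems, assuming the keytab lives on the play's target host.

```yaml
- name: Read the operator keytab (slurp returns base64 content)
  slurp:
    src: "/etc/openshift_apps/communishift-authorization/communishift-authorization-operator-keytab.kt"
  register: communishift_authorization_keytab
  no_log: true
  tags:
    - deploy-operators

- name: Create the CommunishiftAuthorization operator k8s Secret
  community.okd.k8s:
    # … unchanged: api_key, host, state …
    definition:
      # … unchanged: apiVersion, kind, metadata …
      data:
        communishift-authorization-keytab: "{{ communishift_authorization_keytab.content }}"
  no_log: true
  tags:
    - deploy-operators
```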