From 86248233e58bb9dbb363499159b7126f06a32c20 Mon Sep 17 00:00:00 2001
From: Michiel Piscaer <michiel@piscaer.com>
Date: Sun, 21 Apr 2024 08:53:50 +0200
Subject: [PATCH] fix(barbican): create and add implied role creator (#909)

Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
---
 roles/barbican/meta/main.yml  |  2 ++
 roles/barbican/tasks/main.yml | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/roles/barbican/meta/main.yml b/roles/barbican/meta/main.yml
index da38a2e16..7d301963c 100644
--- a/roles/barbican/meta/main.yml
+++ b/roles/barbican/meta/main.yml
@@ -30,6 +30,8 @@ galaxy_info:
 
 dependencies:
   - role: defaults
+  - role: openstacksdk
+  - role: openstack_cli
   - role: openstack_helm_endpoints
     vars:
       openstack_helm_endpoints_chart: barbican
diff --git a/roles/barbican/tasks/main.yml b/roles/barbican/tasks/main.yml
index ea46932ee..8aebdae95 100644
--- a/roles/barbican/tasks/main.yml
+++ b/roles/barbican/tasks/main.yml
@@ -30,3 +30,24 @@
     openstack_helm_ingress_service_name: barbican-api
     openstack_helm_ingress_service_port: 9311
     openstack_helm_ingress_annotations: "{{ barbican_ingress_annotations }}"
+
+- name: Create creator role
+  openstack.cloud.identity_role:
+    cloud: atmosphere
+    state: present
+    name: creator
+
+- name: Add implied roles
+  run_once: true
+  ansible.builtin.shell: |
+    openstack implied role create \
+      --implied-role {{ item.implies }} \
+      {{ item.role }}
+  loop:
+    - role: member
+      implies: creator
+  environment:
+    OS_CLOUD: atmosphere
+  register: _octavia_implied_role_create
+  changed_when: _octavia_implied_role_create.rc == 0
+  failed_when: _octavia_implied_role_create.rc != 0 and 'Duplicate entry.' not in _octavia_implied_role_create.stderr