openidc.sh

#!/bin/bash
sudo snap install yq
tmpfile=$(mktemp /tmp/action-out.XXXXXX)
tmpfile_ca=$(mktemp /tmp/ca.XXXXXX)
juju run openidc-server/0 get-test-client-data --format json > $tmpfile
URL=$(cat $tmpfile | yq '.openidc-server/0.results.url')
CERT=$(cat $tmpfile | yq '.openidc-server/0.results.ca')
CLIENT=$(cat $tmpfile | yq '.openidc-server/0.results.client')
CLIENT_SECRET=$(cat $tmpfile | yq '.openidc-server/0.results.client-secret')
USER=$(cat $tmpfile | yq '.openidc-server/0.results.user')
PASSWORD=$(cat $tmpfile | yq '.openidc-server/0.results.password')
juju config keystone-openidc oidc-provider-metadata-url=$URL
juju config keystone-openidc tls-ca="$CERT"
juju config keystone-openidc oidc-client-id=$CLIENT
juju config keystone-openidc oidc-client-secret=$CLIENT_SECRET

KEYSTONE_IP=$(juju status | awk '/^keystone\s/ {print $7}')
PROJECT_NAME="${USER}_project"
FEDERATED_DOMAIN="federated_domain"
CA_FILE="/home/ubuntu/ca.pem"
echo "$CERT" > $CA_FILE

echo "
export OS_AUTH_TYPE=v3oidcpassword
export OS_DISCOVERY_ENDPOINT=\"$URL\"

export OS_OPENID_SCOPE=\"openid email profile\"
export OS_CLIENT_ID=\"$CLIENT\"
export OS_CLIENT_SECRET=\"$CLIENT_SECRET\"
export OS_IDENTITY_PROVIDER=openid
export OS_PROTOCOL=openid


export OS_USERNAME=\"$USER\"
export OS_PASSWORD=\"$PASSWORD\"

export OS_AUTH_URL=\"http://${KEYSTONE_IP}:5000/v3\"
export OS_PROJECT_DOMAIN_NAME=\"${FEDERATED_DOMAIN}\"
export OS_PROJECT_NAME=\"$PROJECT_NAME\"
export OS_CACERT=\"$CA_FILE\"
"