Azure with Subscription: fixup and include generated password (#7045)

* return proper generated_password syntax

* add generated_password

* emit the guid

* fix showroom_deploy name

ansible/cloud_providers/azure_infrastructure_deployment.yml

@@ -15,6 +15,15 @@
     AZURE_CONFIG_DIR: "{{ output_dir }}/.azure-{{project_tag}}"
   tasks:
 
+    # shouldn't this be in defaults/main.yml?
+    - name: Generate Azure bastion password
+      when: generated_password is not defined
+      ansible.builtin.set_fact:
+        generated_password: >-
+          {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=letters') -}}
+          {{- lookup('ansible.builtin.password', '/dev/null length=10') -}}
+          {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=digits') -}}
+
     - name: Create fact _subscription_id = azure_subscription_id if not subs based
       when: env_type != "open-environment-azure-subscription"
       ansible.builtin.set_fact:

ansible/configs/open-environment-azure-subscription/default_vars.yml

@@ -1,4 +1,8 @@
 ---
+# azure user domain: purpose?
+# is this the red hat Azure AD?
+azure_user_domain: azure.opentlc.com
+
 # deploy a bastion - not required for a basic open-env
 azure_deploy_bastion: false
 
@@ -56,8 +60,6 @@ azure_config_dir: "/tmp/azure-{{ guid }}"
 azure_root_dns_zone: azure.redhatworkshops.io
 cluster_dns_zone: azure.redhatworkshops.io
 HostedZoneId: "{{ azure_root_dns_zone }}"
-generated_password: >-
-  {{- lookup('ansible.builtin.password', '/dev/null', length=10, chars=['ascii_letters', 'digits', 'punctuation']) -}}
 
 # Azure DNS resource group
 azure_dns_resource_group: rhpds-dns-handler

ansible/configs/open-environment-azure-subscription/infra.yml

@@ -11,7 +11,6 @@
       ansible.builtin.set_fact:
         azure_subscription_id: "{{ subscription_id }}"
         az_resource_group: "openenv-{{ guid }}"
-        generated_password: "{{ generated_password }}"
 
 # must be indented as is, or fails on "import_playbook has extra params"
 - name: Deploy a bastion, if desired

ansible/configs/open-environment-azure-subscription/post_software.yml

@@ -121,6 +121,7 @@
           azure_service_principal_id: "{{ azapp.applications[0].app_id }}"
           azure_service_principal_password: "{{ azpass }}"
           azure_tenant_id: "{{ azure_tenant }}"
+          guid: "{{ guid }}"
 
     - name: Provide installed bastion data
       when:
@@ -139,7 +140,7 @@
     showroom_component_name: "aro-ilt"
   tasks:
     - name: Deploy Showroom
-      when: showroom_deploya | default(false) | bool
+      when: showroom_deploy | default(false) | bool
       include_role:
         name: showroom
 

ansible/roles/open-env-azure-create-open-env/tasks/main.yml

@@ -173,10 +173,13 @@
 - name: Save ARO SP password
   ansible.builtin.set_fact: az_aro_pass="{{ azaroappcreate.stdout | from_json | json_query('password') }}"
 
+# shouldn't this be in defaults/main.yml?
 - name: Generate open env password
   ansible.builtin.set_fact:
     generated_password: >-
-      {{- lookup('ansible.builtin.password', '/dev/null', length=10, chars=['ascii_letters', 'digits', 'punctuation']) -}}
+      {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=letters') -}}
+      {{- lookup('ansible.builtin.password', '/dev/null length=10') -}}
+      {{- lookup('ansible.builtin.password', '/dev/null length=1 chars=digits') -}}
 
 - name: Set openenv admin UPN
   ansible.builtin.set_fact: openenv_admin_upn="openenv-admin-{{ guid }}@{{ azure_user_domain }}"