integrate cortex users

roles/cortex/tasks/configure.yml

+---
+
+- name: migrate(create) cortex database
+  remote_user: root
+  shell: "curl -X POST http://127.0.0.1:9001/api/maintenance/migrate -H 'Content-Type: application/json'"
+  run_once: True
+
+- name: copy json file for admin user creation in cortex container
+  remote_user: root
+  template:
+    src: admin.json
+    dest: /tmp/admin.json
+
+- name: Create Admin(superadmin) user in cortex
+  shell: "curl -X POST http://127.0.0.1:9001/api/user -H 'Content-Type: application/json' -d @/tmp/admin.json"
+  run_once: True
+
+- name: enable basic auth
+  remote_user: root
+  lineinfile:
+    dest: "/etc/cortex/application.conf"
+    insertafter: 'auth {'
+    line: "        method.basic = true"
+  
+- name: Restart Cortex
+  remote_user: root
+  command: "supervisorctl restart cortex"
+
+- name: Wait for Cortex
+  remote_user: root
+  wait_for:
+    host: "{{groups['cortex'][0]}}"
+    port: 9001
+    state: started
+    delay: 5
+
+- name: generate api key for admin user
+  remote_user: root
+  shell: "curl -XPOST -u 'admin:{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass')}}' 'http://127.0.0.1:9001/api/user/admin/key/renew'"
+  run_once: True
+  register: cortexadminuserkey
+  args:
+    warn: false
+  run_once: True
+
+- set_fact:
+    cortexadminuserapikey={{ cortexadminuserkey.stdout }}
+
+- name: copy cortex API key to local file
+  local_action: copy content="{{cortexadminuserapikey}}" dest=secrets/tokens/cortex_secret_key
+
+- name: copy json file for organization creation in cortex
+  remote_user: root
+  template:
+    src: cortex_organization.json
+    dest: /tmp/cortex_organization.json
+
+- name: create organization in cortex
+  remote_user: root
+  shell: "curl -XPOST -H 'Authorization: Bearer {{cortexadminuserapikey}}' -H 'Content-Type: application/json' 'http://127.0.0.1:9001/api/organization' -d  @/tmp/cortex_organization.json"
+  run_once: True
+
+- name: disable basic auth
+  remote_user: root
+  lineinfile:
+    dest: "/etc/cortex/application.conf"
+    regexp: 'method.basic = true'
+    state: absent
+
+- name: Restart Cortex
+  remote_user: root
+  command: "supervisorctl restart cortex"
+
+- name: Wait for Cortex
+  remote_user: root
+  wait_for:
+    host: "{{groups['cortex'][0]}}"
+    port: 9001
+    state: started
+    delay: 5
+

roles/cortex/tasks/main.yml

@@ -8,6 +8,9 @@
    - start
    - start-cortex
    - init
+- include: configure.yml
+  tags:
+   - init
 - include: stop.yml
   tags:
    - stop

roles/cortex/templates/admin.json

+{"login":"admin","name":"Admin","password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass')}}","roles":["superadmin"],"organization":"cortex"}

roles/cortex/templates/application.conf.j2

@@ -127,7 +127,7 @@ auth {
     # scope = "profile"
 
     userIdField = "email"
-    scope = ["openid email profile offline_access User.Read"]
+    scope = ["openid email profile"]
   }
 
   ws.ssl.trustManager {
@@ -143,10 +143,10 @@ auth {
 
   # Single-Sign On
   sso {
-    autocreate = false
-    autoupdate = false
+    autocreate = true
+    autoupdate = true
     autologin = true
-    defaultRoles = ["read"]
+    defaultRoles = ["read", "analyze"]
     defaultOrganization = "{{domain}}"
 
     mapper = simple

roles/cortex/templates/cortex_organization.json

+{"name": "{{domain}}", "description": "{{domain}}", "status": "Active"}