openstack/fuel-library
Code Issues Proposed changes
cd6dcdab96
fuel-library/deployment/puppet/keystone/manifests/resource/service_identity.pp
vsaienko 252969895a sync keystone with upstream 
master de419015bb96d83135b306d9fb34e77e033c26cb
  sources https://github.com/openstack/puppet-keystone

Partially Implements: blueprint upgrade-openstack-puppet-modules
Fuel-CI: disable

Change-Id: Idedef32288e214486d05225b09147b5b1c30cdab
2015-07-07 09:16:09 +00:00

165 lines
4.3 KiB
Puppet
Raw Blame History

#
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
#
# Author: Emilien Macchi <emilien.macchi@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Definition: keystone::resource::service_identity
#
# This resource configures Keystone resources for an OpenStack service.
#
# == Parameters:
#
# [*password*]
# Password to create for the service user;
# string; required
#
# [*auth_name*]
# The name of the service user;
# string; optional; default to the $title of the resource, i.e. 'nova'
#
# [*service_name*]
# Name of the service;
# string; required
#
# [*service_type*]
# Type of the service;
# string; required
#
# [*service_description*]
# Description of the service;
# string; optional: default to '$name service'
#
# [*public_url*]
# Public endpoint URL;
# string; required
#
# [*internal_url*]
# Internal endpoint URL;
# string; required
#
# [*admin_url*]
# Admin endpoint URL;
# string; required
#
# [*region*]
# Endpoint region;
# string; optional: default to 'RegionOne'
#
# [*tenant*]
# Service tenant;
# string; optional: default to 'services'
#
# [*ignore_default_tenant*]
# Ignore setting the default tenant value when the user is created.
# string; optional: default to false
#
# [*roles*]
# List of roles;
# string; optional: default to ['admin']
#
# [*domain*]
# User domain (keystone v3), not implemented yet.
# string; optional: default to undef
#
# [*email*]
# Service email;
# string; optional: default to '$auth_name@localhost'
#
# [*configure_endpoint*]
# Whether to create the endpoint.
# string; optional: default to True
#
# [*configure_user*]
# Whether to create the user.
# string; optional: default to True
#
# [*configure_user_role*]
# Whether to create the user role.
# string; optional: default to True
#
# [*configure_service*]
# Whether to create the service.
# string; optional: default to True
#
define keystone::resource::service_identity(
$admin_url = false,
$internal_url = false,
$password = false,
$public_url = false,
$service_type = false,
$auth_name = $name,
$configure_endpoint = true,
$configure_user = true,
$configure_user_role = true,
$configure_service = true,
$domain = undef,
$email = "${name}@localhost",
$region = 'RegionOne',
$service_name = undef,
$service_description = "${name} service",
$tenant = 'services',
$ignore_default_tenant = false,
$roles = ['admin'],
) {
if $domain {
warning('Keystone domains are not yet managed by puppet-keystone.')
}
if $service_name == undef {
$service_name_real = $auth_name
} else {
$service_name_real = $service_name
}
if $configure_user {
ensure_resource('keystone_user', $auth_name, {
'ensure' => 'present',
'enabled' => true,
'password' => $password,
'email' => $email,
'tenant' => $tenant,
'ignore_default_tenant' => $ignore_default_tenant,
})
}
if $configure_user_role {
ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
'ensure' => 'present',
'roles' => $roles,
})
if $configure_user {
Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
}
}
if $configure_service {
ensure_resource('keystone_service', $service_name_real, {
'ensure' => 'present',
'type' => $service_type,
'description' => $service_description,
})
}
if $configure_endpoint {
ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
'ensure' => 'present',
'public_url' => $public_url,
'admin_url' => $admin_url,
'internal_url' => $internal_url,
})
}
}
View Git Blame Copy Permalink