522d06ba8b
Recent openstack cli supports loading user credentials from clouds.yaml instead of passing each parameters by environment variables or command options. This allows us to manage user credentials more flexibly. The biggest benefit of the clouds.yaml file is that it supports managing multiple credentials in a single file. When SRBAC is enforced, each API request should be made with the proper scope credential, and we need to switch credentials for different scopes(project, domain and system) according. Usage of clouds.yaml helps this use case hugely because it allows us to store credentials for each scope in a single file and switch them by the single OS_CLOUD environment variable(or the --os-cloud option). Change-Id: Ie8246aa18d90ba506fe708be13c9a5afa3e5d2fd
76 lines
1.8 KiB
Puppet
76 lines
1.8 KiB
Puppet
# == Class: openstacklib::clouds
|
|
#
|
|
# Generates clouds.yaml for openstack CLI
|
|
#
|
|
# == Parameters
|
|
#
|
|
# [*username*]
|
|
# (Required) The name of the keystone user.
|
|
#
|
|
# [*password*]
|
|
# (Required) Password of the keystone user.
|
|
#
|
|
# [*auth_url*]
|
|
# (Required) The URL to use for authentication.
|
|
#
|
|
# [*path*]
|
|
# (Optional) Path to the clouds.yaml file.
|
|
# Defaults to $name
|
|
#
|
|
# [*user_domain_name*]
|
|
# (Optional) Name of domain for $username.
|
|
# Defaults to 'Default'
|
|
#
|
|
# [*project_name*]
|
|
# (Optional) The name of the keystone project.
|
|
# Defaults to undef
|
|
#
|
|
# [*project_domain_name*]
|
|
# (Optional) Name of domain for $project_name.
|
|
# Defaults to 'Default'
|
|
#
|
|
# [*system_scope*]
|
|
# (Optional) Scope for system operations.
|
|
# Defaults to undef
|
|
#
|
|
# [*interface*]
|
|
# (Optional) Determine the endpoint to be used.
|
|
# Defaults to undef
|
|
#
|
|
# [*region_name*]
|
|
# (Optional) The region in which the service can be found.
|
|
# Defaults to undef
|
|
#
|
|
# [*api_versions*]
|
|
# (Optional) Hash of service type and version to determine API version
|
|
# for that service to use.
|
|
# Example: { 'identity' => '3', 'compute' => '2.latest' }
|
|
# Defaults to {}
|
|
#
|
|
define openstacklib::clouds(
|
|
$username,
|
|
$password,
|
|
$auth_url,
|
|
$path = $name,
|
|
$user_domain_name = 'Default',
|
|
$project_name = undef,
|
|
$project_domain_name = 'Default',
|
|
$system_scope = undef,
|
|
$interface = undef,
|
|
$region_name = undef,
|
|
$api_versions = {},
|
|
) {
|
|
|
|
if !$project_name and !$system_scope {
|
|
fail('One of project_name and system_scope should be set')
|
|
}
|
|
|
|
file { $path:
|
|
ensure => 'present',
|
|
mode => '0600',
|
|
owner => 'root',
|
|
group => 'root',
|
|
content => template('openstacklib/clouds.yaml.erb'),
|
|
}
|
|
}
|