puppet-openstacklib/manifests/clouds.pp
Takashi Kajinami 522d06ba8b Support clouds.yaml to manage keystone user credentials
Recent openstack cli supports loading user credentials from clouds.yaml
instead of passing each parameters by environment variables or command
options.

This allows us to manage user credentials more flexibly. The biggest
benefit of the clouds.yaml file is that it supports managing multiple
credentials in a single file. When SRBAC is enforced, each API request
should be made with the proper scope credential, and we need to switch
credentials for different scopes(project, domain and system) according.
Usage of clouds.yaml helps this use case hugely because it allows us to
store credentials for each scope in a single file and switch them by
the single OS_CLOUD environment variable(or the --os-cloud option).

Change-Id: Ie8246aa18d90ba506fe708be13c9a5afa3e5d2fd
2022-01-18 09:06:01 +09:00

76 lines
1.8 KiB
Puppet

# == Class: openstacklib::clouds
#
# Generates clouds.yaml for openstack CLI
#
# == Parameters
#
# [*username*]
# (Required) The name of the keystone user.
#
# [*password*]
# (Required) Password of the keystone user.
#
# [*auth_url*]
# (Required) The URL to use for authentication.
#
# [*path*]
# (Optional) Path to the clouds.yaml file.
# Defaults to $name
#
# [*user_domain_name*]
# (Optional) Name of domain for $username.
# Defaults to 'Default'
#
# [*project_name*]
# (Optional) The name of the keystone project.
# Defaults to undef
#
# [*project_domain_name*]
# (Optional) Name of domain for $project_name.
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to undef
#
# [*interface*]
# (Optional) Determine the endpoint to be used.
# Defaults to undef
#
# [*region_name*]
# (Optional) The region in which the service can be found.
# Defaults to undef
#
# [*api_versions*]
# (Optional) Hash of service type and version to determine API version
# for that service to use.
# Example: { 'identity' => '3', 'compute' => '2.latest' }
# Defaults to {}
#
define openstacklib::clouds(
$username,
$password,
$auth_url,
$path = $name,
$user_domain_name = 'Default',
$project_name = undef,
$project_domain_name = 'Default',
$system_scope = undef,
$interface = undef,
$region_name = undef,
$api_versions = {},
) {
if !$project_name and !$system_scope {
fail('One of project_name and system_scope should be set')
}
file { $path:
ensure => 'present',
mode => '0600',
owner => 'root',
group => 'root',
content => template('openstacklib/clouds.yaml.erb'),
}
}