diff --git a/doc/source/roles/role-tripleo-keystone-resources.rst b/doc/source/roles/role-tripleo-keystone-resources.rst new file mode 100644 index 000000000..53d3f6992 --- /dev/null +++ b/doc/source/roles/role-tripleo-keystone-resources.rst @@ -0,0 +1,6 @@ +================================= +Role - tripleo-keystone-resources +================================= + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo-keystone-resources diff --git a/tripleo_ansible/ansible_plugins/filter/helpers.py b/tripleo_ansible/ansible_plugins/filter/helpers.py index 2e44c4e18..b9321e30b 100644 --- a/tripleo_ansible/ansible_plugins/filter/helpers.py +++ b/tripleo_ansible/ansible_plugins/filter/helpers.py @@ -37,7 +37,10 @@ class FilterModule(object): 'needs_delete': self.needs_delete, 'haskey': self.haskey, 'list_of_keys': self.list_of_keys, - 'container_exec_cmd': self.container_exec_cmd + 'container_exec_cmd': self.container_exec_cmd, + 'get_key_from_dict': self.get_key_from_dict, + 'get_role_assignments': self.get_role_assignments, + 'get_domain_id': self.get_domain_id } def subsort(self, dict_to_sort, attribute, null_value=0): @@ -157,11 +160,10 @@ class FilterModule(object): return to_delete - def haskey(self, batched_container_data, attribute, value=None, - reverse=False, any=False): - """Return container data with a specific config key. + def haskey(self, data, attribute, value=None, reverse=False, any=False): + """Return dict data with a specific key. - This filter will take a list of dictionaries (batched_container_data) + This filter will take a list of dictionaries (data) and will return the dictionnaries which have a certain key given in parameter with 'attribute'. If reverse is set to True, the returned list won't contain dictionaries 
@@ -170,11 +172,11 @@ class FilterModule(object): the list of values for "value" parameter which has to be a list. """ return_list = [] - for container in batched_container_data: - for k, v in json.loads(json.dumps(container)).items(): + for i in data: + for k, v in json.loads(json.dumps(i)).items(): if attribute in v and not reverse: if value is None: - return_list.append({k: v}) + return_list.append(i) else: if isinstance(value, list) and any: if v[attribute] in value: @@ -201,6 +203,39 @@ class FilterModule(object): list_of_keys.append(k) return list_of_keys + def get_key_from_dict(self, data, key, strict=False, default=None): + """Return a list of unique values from a specific key from a dict. + + This filter takes in input a list of dictionaries and for each of them + it will add the value of a specific key into returned_list and + returns it sorted. If the key has to be part of the dict, set strict to + True. A default can be set if the key doesn't exist but strict has to + be set to False. + """ + returned_list = [] + for i in data.items(): + value = i[1].get(key) + if value is None and not strict and default is not None: + value = default + if value is None: + if strict: + raise TypeError('Missing %s key in ' + '%s' % (key, i[0])) + else: + continue + if isinstance(value, list): + for v in value: + if v not in returned_list: + returned_list.append(v) + elif isinstance(value, dict): + for k, v in value.items(): + if v not in returned_list: + returned_list.append({k: v}) + else: + if value not in returned_list: + returned_list.append(value) + return returned_list + def list_or_dict_arg(self, data, cmd, key, arg): """Utility to build a command and its argument with list or dict data. 
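Review bot: With `haskey` now fed `dict2items` output (see the `loop:` expressions in tasks/main.yml and loop-endpoints.yml), `v` is a plain string for the `key` entry, so `attribute in v` is a substring test rather than a key lookup. A catalog entry whose name merely contains `service` or `endpoints` would match. The same item can also be appended twice, because `return_list.append(i)` adds the whole item for every matching pair. Guarding the test with `if isinstance(v, dict) and attribute in v and not reverse:` avoids both. Only the `value is None` branch is visibly changed; the other branches continue outside the hunk and may still append `{k: v}`, which would make the return shape inconsistent.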
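Review bot: In the `dict` branch of `get_key_from_dict` the membership test looks at `v` while the list receives `{k: v}`, so the entries that branch adds are never deduplicated. Compare what is stored: `entry = {k: v}` followed by `if entry not in returned_list: returned_list.append(entry)`. The docstring also says the list is returned sorted, but nothing in the body sorts it, so the word should be dropped or the sort implemented. The `strict` sentence in the docstring could also state that a missing key raises `TypeError`.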
@@ -235,3 +270,59 @@ class FilterModule(object): self.list_or_dict_arg(data, cmd, 'environment', '--env') cmd.extend(data['command']) return cmd + + def get_role_assignments(self, data, default_role='admin', + default_project='service'): + """Return a dict of all roles and their users. + + This filter takes in input the keystone resources data and + returns a dict where each key is a role and its users assigned. + If 'domain' or 'project' are specified, they are added to the user + entry; so the user will be assign to the domain or the project. + If no domain and no project are specified, default_project will be + used. + Note that domain and project are mutually exclusive in Keystone v3. + """ + returned_dict = {} + for d in data: + for k, v in d.items(): + roles = v.get('roles', default_role) + domain = v.get('domain') + project = v.get('project') + + if domain is not None and project is not None: + raise TypeError('domain and project need to be mutually ' + 'exclusive for user: %s' % k) + + if isinstance(roles, list): + for r in roles: + if r not in returned_dict: + returned_dict[r] = [] + if domain is not None: + returned_dict[r].append({k: {'domain': domain}}) + elif project is not None: + returned_dict[r].append({k: {'project': project}}) + else: + returned_dict[r].append({k: {'project': + default_project}}) + else: + if roles not in returned_dict: + returned_dict[roles] = [] + if domain is not None: + returned_dict[roles].append({k: {'domain': domain}}) + elif project is not None: + returned_dict[roles].append({k: {'project': project}}) + else: + returned_dict[roles].append({k: {'project': + default_project}}) + return returned_dict + + def get_domain_id(self, domain_name, all_domains): + """Return the ID of a domain by its name. + + This filter taks in input a domain name and a dictionary with all + domain informations. + """ + for d in all_domains: + if d.get('name') == domain_name: + return d.get('id') 
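Review bot: `get_role_assignments` assigns `default_role='admin'` to any user entry that has no `roles` key, and the docstring explains `default_project` but not this fallback. For a filter that drives Keystone role assignments this is a privilege decision made by omission, so the docstring should state it, e.g. `If no roles are specified, default_role (admin) is assigned.` Separately, `get_domain_id` falls off the end of the loop and returns `None` when no domain matches, which a template would pass on silently. Raising after the loop, as the other filters here do on bad input, would fail the play at the point of the mistake.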
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml b/tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml
new file mode 100644
index 000000000..fc73e169c
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+
+# All variables within this role should have a prefix of "tripleo_keystone_resources"
+tripleo_keystone_resources_cloud_name: openstack
+tripleo_keystone_resources_cloud_config: {}
+tripleo_keystone_resources_clouds_file_path: /etc/openstack/clouds.yaml
+tripleo_keystone_resources_clouds_file_owner: root
+tripleo_keystone_resources_clouds_file_group: root
+tripleo_keystone_resources_clouds_file_mode: '0644'
+tripleo_keystone_resources_catalog_config: {}
+tripleo_keystone_resources_member_role_enabled: false
+tripleo_keystone_resources_batch: 10
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/meta/main.yml b/tripleo_ansible/roles/tripleo-keystone-resources/meta/main.yml
new file mode 100644
index 000000000..5053270da
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/meta/main.yml
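Review bot: `tripleo_keystone_resources_clouds_file_mode: '0644'` in defaults/main.yml makes clouds.yaml world-readable by default, and the molecule playbook in this commit writes `auth.password` into that file through `tripleo_keystone_resources_cloud_config`. A credentials file should default to owner-only access, `tripleo_keystone_resources_clouds_file_mode: '0600'`, leaving a wider mode to deployments that need other local users to read it. If 0644 is needed for existing consumers, a comment next to the default should say which ones.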
@@ -0,0 +1,44 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo-keystone-resources
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: Fedora
+ versions:
+ - 28
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags:
+ - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile
new file mode 100644
index 000000000..c58ca6538
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile
@@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 
10000; done"] \ No newline at end of file diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile.keystone b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile.keystone new file mode 100644 index 000000000..b1803707c --- /dev/null +++ b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/Dockerfile.keystone @@ -0,0 +1,15 @@ +FROM centos:7 +LABEL maintainer="dev@cloudesire.com" + +ENV OS_RELEASE=train + +RUN yum clean all \ + && yum -y update \ + && yum -y install centos-release-openstack-${OS_RELEASE} \ + && yum -y install openstack-keystone openstack-utils python-openstackclient \ + && yum clean all + +COPY start_keystone.sh / +EXPOSE 5000 35357 + +CMD ["/start_keystone.sh"] diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/molecule.yml new file mode 100644 index 000000000..525cf0bdb --- /dev/null +++ b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/molecule.yml @@ -0,0 +1,40 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + network_mode: host + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/playbook.yml new file mode 100644 index 000000000..e0fdfed70 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/playbook.yml 
@@ -0,0 +1,51 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ tasks:
+ - name: Create openstack directory
+ file:
+ path: /etc/openstack
+ state: directory
+ - name: Configure /etc/openstack/clouds.yaml
+ include_role:
+ name: tripleo-keystone-resources
+ tasks_from: clouds
+ vars:
+ tripleo_keystone_resources_cloud_name: openstack
+ tripleo_keystone_resources_cloud_config:
+ auth:
+ auth_url: http://localhost:5000/
+ project_name: "admin"
+ username: "admin"
+ password: "ADMIN_PASS"
+ project_domain_id: default
+ user_domain_id: default
+ identity_api_version: 3
+ region_name: RegionOne
+ - name: Create keystone admin resources
+ include_role:
+ name: tripleo-keystone-resources
+ tasks_from: admin
+ vars:
+ tripleo_keystone_resources_cloud_name: openstack
+ tripleo_keystone_resources_region: RegionOne
+ tripleo_keystone_resources_admin_password: "ADMIN_PASS"
+ tripleo_keystone_resources_admin_endpoint: "http://localhost:35357"
+ tripleo_keystone_resources_internal_endpoint: "http://localhost:5000"
+ tripleo_keystone_resources_public_endpoint: "http://localhost:5000"
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/prepare.yml
new file mode 100644
index 000000000..eaff9a4f1
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/prepare.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- hosts: localhost
+ connection: local
+ tasks:
+
+ - name: Build keystone container
+ shell: docker build -t keystone-img -f Dockerfile.keystone .
+
+ - name: Run keystone container
+ shell: docker run -d -p 5000:5000 --name keystone-docker keystone-img
+
+- name: Prepare
+ hosts: all
+ tasks:
+
+ - include_role:
+ name: test_deps
+ vars:
+ test_deps_setup_tripleo: true
+
+ - name: Instal pre packages
+ package:
+ name:
+ - python-setuptools
+ - python-openstacksdk
+ - python-openstackclient
+ - python-keystoneclient
+ - ansible
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/start_keystone.sh b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/start_keystone.sh
new file mode 100755
index 000000000..a6b618dd2
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/molecule/default/start_keystone.sh
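Review bot: In prepare.yml, `docker run -d -p 5000:5000` publishes the test Keystone on every host interface, and start_keystone.sh in this commit bootstraps it with the default `ADMIN_PASS` admin password. Binding to loopback is enough for the scenario, since playbook.yml only talks to `http://localhost:5000`: `shell: docker run -d -p 127.0.0.1:5000:5000 --name keystone-docker keystone-img`. Both tasks also run unconditionally, so a second `prepare` would fail on the existing container name. Nothing visible in this commit removes `keystone-docker` when the scenario is destroyed.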
@@ -0,0 +1,93 @@ +#!/bin/bash +set -x + +### Openstack Keystone + +: ${OS_RELEASE:=queens} +: ${IPADDR:=127.0.0.1} +# Identity service configuration +: ${OS_IDENTITY_URL_IPADDR:=$IPADDR} +: ${OS_IDENTITY_API_VERSION:=3} +: ${OS_IDENTITY_SERVICE_REGION:=RegionOne} +: ${OS_IDENTITY_SERVICE_NAME:=keystone} +: ${OS_IDENTITY_ADMIN_DOMAIN:=default} +: ${OS_IDENTITY_ADMIN_PROJECT:=admin} +: ${OS_IDENTITY_ADMIN_USERNAME:=admin} +: ${OS_IDENTITY_ADMIN_PASSWD:=ADMIN_PASS} +: ${OS_IDENTITY_ADMIN_ROLE:=admin} +: ${OS_IDENTITY_URL_ADMIN:=http://${IPADDR}:35357} +: ${OS_IDENTITY_URL_INTERNAL:=http://${IPADDR}:5000} +: ${OS_IDENTITY_URL_PUBLIC:=http://${IPADDR}:5000} +# Object store configuration +: ${OS_OBJECTSTORE_URL_IPADDR:=$IPADDR} +: ${OS_OBJECTSTORE_SERVICE_REGION:=RegionOne} +: ${OS_OBJECTSTORE_SERVICE_NAME:=openio-swift} +: ${OS_OBJECTSTORE_SERVICE_DESC:=OpenIO Swift Object Storage Service} +: ${OS_OBJECTSTORE_DOMAIN:=default} +: ${OS_OBJECTSTORE_PROJECT:=service} +: ${OS_OBJECTSTORE_USERNAME:=swift} +: ${OS_OBJECTSTORE_PASSWD:=SWIFT_PASS} +: ${OS_OBJECTSTORE_ROLE:=admin} +: ${OS_OBJECTSTORE_URL_ADMIN:=http://${IPADDR}:6007/v1} +: ${OS_OBJECTSTORE_URL_INTERNAL:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s} +: ${OS_OBJECTSTORE_URL_PUBLIC:=http://${IPADDR}:6007/v1/AUTH_%(tenant_id)s} +# Demo user setup +: ${OS_USER_DEMO_DOMAIN:=default} +: ${OS_USER_DEMO_PROJECT:=demo} +: ${OS_USER_DEMO_USERNAME:=demo} +: ${OS_USER_DEMO_PASSWD:=DEMO_PASS} +: ${OS_USER_DEMO_ROLE:=admin} + +echo '> Configuring Keystone ...' 
+# Set log to stderr for Docker +openstack-config --set /etc/keystone/keystone.conf DEFAULT use_stderr True +# Use a local sqlite database for demo purposes +openstack-config --set /etc/keystone/keystone.conf database connection 'sqlite:////var/lib/keystone/keystone.db' +keystone-manage credential_setup \ + --keystone-user keystone \ + --keystone-group keystone +keystone-manage fernet_setup \ + --keystone-user keystone \ + --keystone-group keystone +keystone-manage db_sync +keystone-manage bootstrap \ + --bootstrap-project-name "$OS_IDENTITY_ADMIN_PROJECT" \ + --bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \ + --bootstrap-username "$OS_IDENTITY_ADMIN_USERNAME" \ + --bootstrap-password "$OS_IDENTITY_ADMIN_PASSWD" \ + --bootstrap-role-name "$OS_IDENTITY_ADMIN_ROLE" \ + --bootstrap-service-name "$OS_IDENTITY_SERVICE_NAME" \ + --bootstrap-region-id "$OS_IDENTITY_SERVICE_REGION" \ + --bootstrap-admin-url "$OS_IDENTITY_URL_ADMIN" \ + --bootstrap-public-url "$OS_IDENTITY_URL_PUBLIC" \ + --bootstrap-internal-url "$OS_IDENTITY_URL_INTERNAL" + +# Using uwsgi for demo purposes +echo '> Starting Keystone admin service ...' +/usr/bin/keystone-wsgi-admin --port 35357 & + + +# Admin credentials +cat </keystone_adminrc +export OS_IDENTITY_API_VERSION="$OS_IDENTITY_API_VERSION" +#export OS_AUTH_URL="$OS_IDENTITY_URL_PUBLIC" +export OS_AUTH_URL="$OS_IDENTITY_URL_ADMIN" +export OS_USER_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN" +export OS_PROJECT_DOMAIN_ID="$OS_IDENTITY_ADMIN_DOMAIN" +export OS_PROJECT_NAME="$OS_IDENTITY_ADMIN_PROJECT" +export OS_USERNAME="$OS_IDENTITY_ADMIN_USERNAME" +export OS_PASSWORD="$OS_IDENTITY_ADMIN_PASSWD" +EOF +source /keystone_adminrc + +# Keystone policy +cat </etc/keystone/policy.json +{ + "admin_or_owner": "role:admin or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + "admin_api": "role:admin" +} +EOF + +echo '> Starting Keystone public service ...' +/usr/bin/keystone-wsgi-public --port 5000 
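Review bot: `set -x` at the top of start_keystone.sh traces every command, so the `keystone-manage bootstrap` call prints `--bootstrap-password` with the expanded admin password to the container log. Wrapping that call in `set +x` and `set -x`, or dropping the trace, keeps the secret out of `docker logs` even for a test image. The same call passes `--bootstrap-username` twice, which looks like a copy-paste leftover. The script also has no `set -e`, so a failed `db_sync` or `bootstrap` still goes on to start the services.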
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/admin.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/admin.yml
new file mode 100644
index 000000000..12c0e760e
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/admin.yml
@@ -0,0 +1,93 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Create default domain + os_keystone_domain: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + name: default + +- name: Create admin and service projects + include_tasks: projects.yml + vars: + batched_tripleo_keystone_resources_projects: + - admin + - service + +- name: Create admin role + os_keystone_role: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + name: admin + +- name: Create _member_ role + os_keystone_role: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + name: _member_ + when: + - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled) + +- name: Create admin user + os_user: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + name: admin + password: "{{ tripleo_keystone_resources_admin_password }}" + email: "admin@localhost" + domain: default + +- name: Assign admin role to admin project for admin user + os_user_role: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + user: admin + project: admin + role: admin + +- name: Assign _member_ role to admin project for admin user + os_user_role: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + user: admin + project: admin + role: '_member_' + when: + - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled) + +- name: Create identity service + os_keystone_service: + cloud: "{{ 
tripleo_keystone_resources_cloud_name }}" + name: keystone + service_type: identity + +- name: Create identity public endpoint + os_keystone_endpoint: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + service: keystone + url: "{{ tripleo_keystone_resources_public_endpoint }}" + endpoint_interface: public + region: "{{ tripleo_keystone_resources_region }}" + +- name: Create identity internal endpoint + os_keystone_endpoint: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + service: keystone + url: "{{ tripleo_keystone_resources_internal_endpoint }}" + endpoint_interface: internal + region: "{{ tripleo_keystone_resources_region }}" + +- name: Create identity admin endpoint + os_keystone_endpoint: + cloud: "{{ tripleo_keystone_resources_cloud_name }}" + service: keystone + url: "{{ tripleo_keystone_resources_admin_endpoint }}" + endpoint_interface: admin + region: "{{ tripleo_keystone_resources_region }}" diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/clouds.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/clouds.yml new file mode 100644 index 000000000..dc5b4b3f4 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/clouds.yml 
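Review bot: The two `_member_` tasks in admin.yml are gated on `keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)`, a variable without the role prefix that defaults/main.yml says every variable of this role should carry. An unprefixed name set anywhere in the play silently decides whether the `_member_` role is created and assigned to admin. If it is kept for compatibility with an existing caller, a comment above both `when:` blocks should say so and point to `tripleo_keystone_resources_member_role_enabled` as the supported switch; otherwise use the prefixed variable alone.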
@@ -0,0 +1,53 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+- name: "Check if {{ tripleo_keystone_resources_clouds_file_path }} exists"
+ become: true
+ stat:
+ path: "{{ tripleo_keystone_resources_clouds_file_path }}"
+ register: attr_clouds
+
+# This task is required or config_template will fail if the src file didn't exist
+- name: "Create empty {{ tripleo_keystone_resources_clouds_file_path }} if it does not exist"
+ become: true
+ copy:
+ content: |-
+ ---
+ clouds: {}
+ dest: "{{ tripleo_keystone_resources_clouds_file_path }}"
+ when:
+ - not attr_clouds.stat.exists
+
+- name: "Configure {{ tripleo_keystone_resources_clouds_file_path }}"
+ include_role:
+ name: tripleo-config
+ vars:
+ tripleo_config_dest: "{{ tripleo_keystone_resources_clouds_file_path }}"
+ tripleo_config_group: "{{ tripleo_keystone_resources_clouds_file_group }}"
+ tripleo_config_mode: "{{ tripleo_keystone_resources_clouds_file_mode }}"
+ tripleo_config_overrides: |-
+ {% set cloud_config = {'clouds': {}} %}
+ {% set _ = cloud_config['clouds'].__setitem__(
+ tripleo_keystone_resources_cloud_name,
+ tripleo_keystone_resources_cloud_config
+ )
+ %}
+ {{ cloud_config }}
+ tripleo_config_owner: "{{ tripleo_keystone_resources_clouds_file_owner }}"
+ tripleo_config_remote_src: true
+ tripleo_config_src: "{{ tripleo_keystone_resources_clouds_file_path }}"
+ tripleo_config_type: yaml
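Review bot: The placeholder `copy` task in clouds.yml creates the clouds file without `owner`, `group` or `mode`, so until the tripleo-config step runs the file carries whatever the remote umask gives it. Setting them at creation closes that gap: `mode: "{{ tripleo_keystone_resources_clouds_file_mode }}"` plus the matching `owner:` and `group:` lines from the same defaults. The separate `stat` task and its `when:` could then be dropped, since `copy` with `force: false` only writes when the destination is missing.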
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/domains.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/domains.yml
new file mode 100644
index 000000000..4eb08fee9
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/domains.yml
@@ -0,0 +1,37 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Async creation of Keystone domains
+ os_keystone_domain:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ name: "{{ tripleo_keystone_resources_domain }}"
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_domain_results
+ loop: "{{ batched_tripleo_keystone_resources_data }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_domain
+
+- name: Check Keystone domain status
+ async_status:
+ jid: "{{ tripleo_keystone_resources_domain_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_domain_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_domain_async_result_item"
+ register: tripleo_keystone_resources_domain_async_poll_results
+ until: tripleo_keystone_resources_domain_async_poll_results.finished
+ retries: 30
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/endpoints.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/endpoints.yml
new file mode 100644
index 000000000..1006d8b2b
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/endpoints.yml
@@ -0,0 +1,40 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: "Async creation of Keystone {{ keystone_endpoint_type }} endpoint"
+ os_keystone_endpoint:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ service: "{{ tripleo_keystone_resources_data.key }}"
+ url: "{{ tripleo_keystone_resources_data['value']['endpoints'][keystone_endpoint_type] }}"
+ endpoint_interface: "{{ keystone_endpoint_type }}"
+ region: "{{ tripleo_keystone_resources_data.value.region }}"
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_endpoint_results
+ loop: "{{ batched_tripleo_keystone_resources_data }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_data
+
+- name: "Check Keystone {{ keystone_endpoint_type }} endpoint status"
+ async_status:
+ jid: "{{ tripleo_keystone_resources_endpoint_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_endpoint_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_endpoint_async_result_item"
+ register: tripleo_keystone_resources_endpoint_async_poll_results
+ until: tripleo_keystone_resources_endpoint_async_poll_results.finished
+ retries: 30
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_new.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_new.yml
new file mode 100644
index 000000000..55428e326
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_new.yml
@@ -0,0 +1,20 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Collect OpenStack Keystone domains infos
+ os_keystone_domain_info:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ register: openstack_domains
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_old.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_old.yml
new file mode 100644
index 000000000..d55bb5214
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/gather_domains_old.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+- name: Collect OpenStack Keystone domains facts
+ os_keystone_domain_facts:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ register: tripleo_domains_facts
+
+- name: Create openstack_domains fact
+ set_fact:
+ openstack_domains: "{{ tripleo_domains_facts['ansible_facts']['openstack_domains'] }}"
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/loop-endpoints.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/loop-endpoints.yml
new file mode 100644
index 000000000..d8b8c0208
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/loop-endpoints.yml
@@ -0,0 +1,21 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: "Create Keystone {{ keystone_endpoint_type }} endpoints"
+ include_tasks: endpoints.yml
+ loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='endpoints') | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_data
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml
new file mode 100644
index 000000000..58feb2f75
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml
@@ -0,0 +1,101 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# "tripleo-keystone-resources" will search for and load any operating system variable file
+
+# found within the "vars/" path. If no OS files are found the task will skip.
+- name: Gather variables for each operating system
+ include_vars: "{{ item }}"
+ with_first_found:
+ - skip: true
+ files:
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+ - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}.yml"
+ - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ - "{{ ansible_os_family | lower }}.yml"
+ tags:
+ - always
+
+- name: Create Keystone Admin resources
+ include_tasks: admin.yml
+
+- name: Create Keystone Projects
+ include_tasks: projects.yml
+ loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='project', default='service') | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_projects
+
+- name: Create Keystone Domains
+ include_tasks: domains.yml
+ loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='domains') | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_data
+
+# We need to gather domains so later we can convert a domain name into a domain ID.
+# This is needed because os_user_role doesn't do the conversion yet in the version
+# of Ansible that we use. This block will disappear once we use the new modules
+# from OpenStack collections.
+# In recents version of Ansible, this module was renamed to os_keystone_domain_info.
+# Which is why we don't use the same module to gather domains infos.
+- name: Gather all OpenStack domains for Ansible < 2.9.2
+ include_tasks: gather_domains_old.yml
+ # See https://github.com/ansible/ansible/commit/c91929b2b302b37af22d785641a7fe704003662a
+ when:
+ - ansible_version.full is version_compare('2.9.2', '<')
+
+- name: Gather all OpenStack domains for Ansible >= 2.9.2
+ include_tasks: gather_domains_new.yml
+ # See https://github.com/ansible/ansible/commit/c91929b2b302b37af22d785641a7fe704003662a
+ when:
+ - ansible_version.full is version_compare('2.9.2', '>=')
+
+- name: Create Keystone Services
+ include_tasks: services.yml
+ loop: "{{ tripleo_keystone_resources_catalog_config | dict2items | haskey(attribute='service') | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_data
+
+- name: Create Keystone Endpoints
+ include_tasks: loop-endpoints.yml
+ loop:
+ - public
+ - admin
+ - internal
+ loop_control:
+ loop_var: keystone_endpoint_type
+
+- name: Create Keystone Roles
+ include_tasks: roles.yml
+ loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='roles', default='service') | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_roles
+
+- name: "Create Keystone Users"
+ include_tasks: users.yml
+ loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_data
+
+- name: "Assign Keystone Users to Roles"
+ include_tasks: user_roles.yml
+ loop: >-
+ {{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='users') |
+ get_role_assignments(default_project=tripleo_keystone_resources_service_project) | dict2items }}
+ loop_control:
+ loop_var: batched_tripleo_keystone_resources_roles_data
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/projects.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/projects.yml
new file mode 100644
index 000000000..d9a5e2243
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/projects.yml
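Review bot: The `Create Keystone Users` loop iterates over batches of the `users` dicts, and users.yml later in this diff reads `.value.password` from those same items, so every loop item carries a cleartext password. Neither this include nor the two tasks in users.yml set `no_log`, and `Check Keystone user status` loops over the registered results, which embed the original item, so the password is likely to appear in the per-item task output and in any log that captures it. I would add `no_log: true` to both tasks in users.yml. If the include line itself prints its item, a `label:` under this task's `loop_control` would keep the batch out of that output as well.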
@@ -0,0 +1,38 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Async creation of Keystone project
+ os_project:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ name: "{{ tripleo_keystone_resources_project }}"
+ domain_id: default
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_project_results
+ loop: "{{ batched_tripleo_keystone_resources_projects }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_project
+
+- name: Check Keystone project status
+ async_status:
+ jid: "{{ tripleo_keystone_resources_project_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_project_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_project_async_result_item"
+ register: tripleo_keystone_resources_project_async_poll_results
+ until: tripleo_keystone_resources_project_async_poll_results.finished
+ retries: 30
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/roles.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/roles.yml
new file mode 100644
index 000000000..eece946fa
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/roles.yml
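Review bot: `domain_id: default` is hard-coded in `Async creation of Keystone project`, while users.yml and user_per_role.yml in this diff accept a per-user `domain`. A user placed in another domain is therefore still paired with a project created in `default`, and nothing in the task says whether that is intended. If it is, a comment above the task would save the next reader the question, for example `# Projects always live in the default domain; per-user domains only affect users and role assignments.`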
@@ -0,0 +1,37 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Async creation of Keystone role
+ os_keystone_role:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ name: "{{ tripleo_keystone_resources_role }}"
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_role_results
+ loop: "{{ batched_tripleo_keystone_resources_roles }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_role
+
+- name: Check Keystone role status
+ async_status:
+ jid: "{{ tripleo_keystone_resources_role_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_role_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_role_async_result_item"
+ register: tripleo_keystone_resources_role_async_poll_results
+ until: tripleo_keystone_resources_role_async_poll_results.finished
+ retries: 30
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/services.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/services.yml
new file mode 100644
index 000000000..f2fc782ca
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/services.yml
@@ -0,0 +1,39 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Async creation of Keystone service
+ os_keystone_service:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ name: "{{ tripleo_keystone_resources_data.key }}"
+ service_type: "{{ tripleo_keystone_resources_data.value.service }}"
+ description: "OpenStack {{ tripleo_keystone_resources_data.value.service | title() }} Service"
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_service_results
+ loop: "{{ batched_tripleo_keystone_resources_data }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_data
+
+- name: Check Keystone service status
+ async_status:
+ jid: "{{ tripleo_keystone_resources_service_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_service_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_service_async_result_item"
+ register: tripleo_keystone_resources_service_async_poll_results
+ until: tripleo_keystone_resources_service_async_poll_results.finished
+ retries: 30
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_per_role.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_per_role.yml
new file mode 100644
index 000000000..3834777f7
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_per_role.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: "Async assignment of Keystone user to roles"
+ os_user_role:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ user: "{{ lookup('dict', tripleo_keystone_resources_data_user).key }}"
+ project: "{{ lookup('dict', tripleo_keystone_resources_data_user).value.project | default(omit) }}"
+ # TODO(emilien) remove the custom filter once the module moved to OpenStack collections and we can make changes
+ domain: >-
+ {{ lookup('dict', tripleo_keystone_resources_data_user).value.domain | default(omit) |
+ get_domain_id(all_domains=openstack_domains) | default(omit) }}
+ role: "{{ batched_tripleo_keystone_resources_roles_data.key }}"
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_user_role_results
+ loop: "{{ tripleo_keystone_resources_data_users }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_data_user
+
+- name: "Check Keystone user assignment to roles status"
+ async_status:
+ jid: "{{ tripleo_keystone_resources_user_role_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_user_role_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_user_role_async_result_item"
+ register: tripleo_keystone_resources_user_role_async_poll_results
+ until: tripleo_keystone_resources_user_role_async_poll_results.finished
+ retries: 30
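Review bot: The trailing `| default(omit)` in the `domain:` expression only takes effect when the value is undefined, so it does not cover a `get_domain_id` result of `None` or an empty string. The filter body is not in this hunk, so it needs checking what it returns for an unknown domain name, and for the omit placeholder that the first `default(omit)` passes into it when a user has no `domain`. If it can return an empty value, ending the chain with `| default(omit, true)` would drop the argument instead of handing an empty domain to `os_user_role`. `test_get_domain_id` later in this diff only exercises a name that exists.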
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_roles.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_roles.yml
new file mode 100644
index 000000000..c6c494857
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/user_roles.yml
@@ -0,0 +1,22 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: "Async assignment of Keystone user per role"
+ include_tasks: user_per_role.yml
+ # This loop is required as a user can have multiple roles but the os_user_role doesn't handle it.
+ loop: "{{ batched_tripleo_keystone_resources_roles_data.value | batch(tripleo_keystone_resources_batch) | list }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_data_users
diff --git a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/users.yml b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/users.yml
new file mode 100644
index 000000000..155aea054
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/users.yml
@@ -0,0 +1,40 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: "Async creation of Keystone user"
+ os_user:
+ cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+ name: "{{ lookup('dict', tripleo_keystone_resources_data).key }}"
+ password: "{{ lookup('dict', tripleo_keystone_resources_data).value.password }}"
+ email: "{{ lookup('dict', tripleo_keystone_resources_data).key }}@localhost"
+ domain: "{{ lookup('dict', tripleo_keystone_resources_data).value.domain | default('default') }}"
+ state: present
+ async: 60
+ poll: 0
+ register: tripleo_keystone_resources_user_results
+ loop: "{{ batched_tripleo_keystone_resources_data }}"
+ loop_control:
+ loop_var: tripleo_keystone_resources_data
+
+- name: "Check Keystone user status"
+ async_status:
+ jid: "{{ tripleo_keystone_resources_user_async_result_item.ansible_job_id }}"
+ loop: "{{ tripleo_keystone_resources_user_results.results }}"
+ loop_control:
+ loop_var: "tripleo_keystone_resources_user_async_result_item"
+ register: tripleo_keystone_resources_user_async_poll_results
+ until: tripleo_keystone_resources_user_async_poll_results.finished
+ retries: 30
diff --git a/tripleo_ansible/tests/plugins/filter/test_helpers.py b/tripleo_ansible/tests/plugins/filter/test_helpers.py
index d9275b8f9..f18eb94f0 100644
--- a/tripleo_ansible/tests/plugins/filter/test_helpers.py
+++ b/tripleo_ansible/tests/plugins/filter/test_helpers.py
@@ -196,7 +196,7 @@ class TestHelperFilters(tests_base.TestCase): }, } ] - result = self.filters.haskey(batched_container_data=data, + result = self.filters.haskey(data=data, attribute='restart', value='always') self.assertEqual(result, expected_list) @@ -224,7 +224,7 @@ class TestHelperFilters(tests_base.TestCase): }, } ] - result = self.filters.haskey(batched_container_data=data, + result = self.filters.haskey(data=data, attribute='restart', value='always', reverse=True) @@ -255,7 +255,7 @@ class TestHelperFilters(tests_base.TestCase): }, } ] - result = self.filters.haskey(batched_container_data=data, + result = self.filters.haskey(data=data, attribute='restart', any=True) self.assertEqual(result, expected_list) @@ -284,7 +284,7 @@ class TestHelperFilters(tests_base.TestCase): }, } ] - result = self.filters.haskey(batched_container_data=data, + result = self.filters.haskey(data=data, attribute='restart', reverse=True, any=True) 
@@ -397,6 +397,68 @@ class TestHelperFilters(tests_base.TestCase): config_id='tripleo_step1') self.assertEqual(result, expected_list) + def test_get_key_from_dict(self): + data = { + 'nova_api': { + 'project': 'service1' + }, + 'glance_api': { + 'project': 'service1' + }, + 'heat_api': { + 'user': 'heat' + }, + 'cinder_api': { + 'project': 'service2' + } + } + expected_list = ['service1', 'service3', 'service2'] + result = self.filters.get_key_from_dict(data, key='project', + default='service3') + self.assertEqual(result, expected_list) + + def test_get_key_from_dict_with_list_input(self): + data = { + 'nova_api': { + 'roles': ['service', 'admin'] + }, + 'glance_api': { + 'roles': 'service1' + }, + 'heat_api': { + 'user': 'heat' + }, + 'cinder_api': { + 'project': 'service2', + 'roles': ['service', 'service4'] + } + } + expected_list = ['service', 'admin', 'service1', 'service4'] + result = self.filters.get_key_from_dict(data, key='roles', + default='service') + self.assertEqual(result, expected_list) + + def test_get_key_from_dict_with_dict_input(self): + data = { + 'nova_api': { + 'users': {'nova': {'password': 'secret', + 'roles': ['foo', 'bar']}}, + }, + 'glance_api': { + 'roles': 'service1' + }, + 'heat_api': { + 'user': 'heat' + }, + 'cinder_api': { + 'project': 'service2' + } + } + expected_list = [{'nova': {'password': 'secret', 'roles': + ['foo', 'bar']}}] + result = self.filters.get_key_from_dict(data, key='users') + self.assertEqual(result, expected_list) + def test_container_exec_cmd(self): data = { "action": "exec", 
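Review bot: The expected lists in `test_get_key_from_dict` and `test_get_key_from_dict_with_list_input` are checked with `assertEqual`, so both tests pass only when `data` is iterated in insertion order. `get_key_from_dict`, added earlier in this diff, appends in `data.items()` order and never sorts, although its docstring says the list is returned sorted; on an interpreter without ordered dicts (before Python 3.7) the result order is not guaranteed. Either compare without regard to order, `self.assertEqual(sorted(result), sorted(expected_list))`, or sort in the filter and adjust the expectations and the docstring together. The three new test methods are complete in this hunk; the enclosing `TestHelperFilters` class starts outside it.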
@@ -421,3 +483,48 @@ class TestHelperFilters(tests_base.TestCase): 'keystone', 'keystone-manage', 'bootstrap'] result = self.filters.container_exec_cmd(data=data) self.assertEqual(result, expected_cmd) + + def test_get_role_assignments(self): + data = [{ + 'nova': { + 'roles': ['service', 'admin'], + }, + 'glance': { + 'roles': 'service1', + 'user': 'glance' + }, + 'cinder': { + 'project': 'service2' + }, + 'heat': { + 'domain': 'heat_domain' + } + }] + expected_hash = { + 'admin': [{'nova': {'project': 'service'}}, + {'cinder': {'project': 'service2'}}, + {'heat': {'domain': 'heat_domain'}} + ], + 'service': [{'nova': {'project': 'service'}}], + 'service1': [{'glance': {'project': 'service'}}] + } + result = self.filters.get_role_assignments(data) + self.assertEqual(result, expected_hash) + + def test_get_domain_id(self): + openstack_domains = [ + { + "description": "The default domain", + "enabled": "true", + "id": "default", + "name": "Default" + }, + { + "description": "The heat stack domain", + "enabled": "true", + "id": "fd85b560d4554fd8bf363728e4a3863e", + "name": "heat_stack" + } + ] + result = self.filters.get_domain_id('heat_stack', openstack_domains) + self.assertEqual(result, 'fd85b560d4554fd8bf363728e4a3863e') diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 7c6f5a782..b8a9ef509 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -40,6 +40,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-hosts-entries - tripleo-ansible-centos-7-molecule-tripleo-container-manage - tripleo-ansible-centos-7-molecule-tripleo-modules + - tripleo-ansible-centos-7-molecule-tripleo-keystone-resources gate: jobs: - tripleo-ansible-centos-7-molecule-aide @@ -80,6 +81,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-hosts-entries - tripleo-ansible-centos-7-molecule-tripleo-container-manage - tripleo-ansible-centos-7-molecule-tripleo-modules + - tripleo-ansible-centos-7-molecule-tripleo-keystone-resources name: tripleo-ansible-molecule-jobs - job: files: 
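Review bot: `expected_hash` in `test_get_role_assignments` pins that users with no `roles` key (`cinder` and `heat` in the fixture) are assigned `admin`, which makes the most privileged role the silent default for any catalog entry that omits `roles`. The filter itself is outside the visible hunks, so whether that default is deliberate is not clear from here. If it is, the test should say so, e.g. `# users without an explicit 'roles' key default to the admin role`, and a case for a user that sets only a non-admin role would show the default is not added on top. `test_get_domain_id` also covers only a domain name that exists; a second assertion for an unknown name would document what the filter returns there.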
@@ -357,3 +359,11 @@ - ^molecule-requirements.txt name: tripleo-ansible-centos-7-molecule-tripleo-modules parent: tripleo-ansible-centos-7-base + +- job: + files: + - ^tripleo_ansible/roles/tripleo-keystone-resources/.* + name: tripleo-ansible-centos-7-molecule-tripleo-keystone-resources + parent: tripleo-ansible-centos-7-base + vars: + tripleo_role_name: tripleo-keystone-resources