2 # Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
4 # Author: Emilien Macchi <emilien.macchi@enovance.com>
6 # Licensed under the Apache License, Version 2.0 (the "License"); you may
7 # not use this file except in compliance with the License. You may obtain
8 # a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15 # License for the specific language governing permissions and limitations
18 # == Definition: keystone::resource::service_identity
20 # This resource configures Keystone resources for an OpenStack service.
25 # Password to create for the service user;
29 # The name of the service user;
30 # string; optional; default to the $title of the resource, i.e. 'nova'
33 # Name of the service;
37 # Type of the service;
40 # [*service_description*]
41 # Description of the service;
42 # string; optional: default to '$name service'
45 # Public endpoint URL;
49 # Internal endpoint URL;
58 # string; optional: default to 'RegionOne'
62 # string; optional: default to 'services'
64 # [*ignore_default_tenant*]
65 # Ignore setting the default tenant value when the user is created.
66 # string; optional: default to false
70 # string; optional: default to ['admin']
73 # User domain (keystone v3), not implemented yet.
74 # string; optional: default to undef
78 # string; optional: default to '$auth_name@localhost'
80 # [*configure_endpoint*]
81 # Whether to create the endpoint.
82 # string; optional: default to True
85 # Whether to create the user.
86 # string; optional: default to True
88 # [*configure_user_role*]
89 # Whether to create the user role.
90 # string; optional: default to True
92 # [*configure_service*]
93 # Whether to create the service.
94 # string; optional: default to True
96 define keystone::resource::service_identity(
98 $internal_url = false,
101 $service_type = false,
103 $configure_endpoint = true,
104 $configure_user = true,
105 $configure_user_role = true,
106 $configure_service = true,
108 $email = "${name}@localhost",
109 $region = 'RegionOne',
110 $service_name = undef,
111 $service_description = "${name} service",
112 $tenant = 'services',
113 $ignore_default_tenant = false,
118 warning('Keystone domains are not yet managed by puppet-keystone.')
121 if $service_name == undef {
122 $service_name_real = $auth_name
124 $service_name_real = $service_name
128 ensure_resource('keystone_user', $auth_name, {
129 'ensure' => 'present',
131 'password' => $password,
134 'ignore_default_tenant' => $ignore_default_tenant,
138 if $configure_user_role {
139 ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
140 'ensure' => 'present',
144 Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
148 if $configure_service {
149 ensure_resource('keystone_service', $service_name_real, {
150 'ensure' => 'present',
151 'type' => $service_type,
152 'description' => $service_description,
156 if $configure_endpoint {
157 ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
158 'ensure' => 'present',
159 'public_url' => $public_url,
160 'admin_url' => $admin_url,
161 'internal_url' => $internal_url,