2 # Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
4 # Author: Emilien Macchi <emilien.macchi@enovance.com>
6 # Licensed under the Apache License, Version 2.0 (the "License"); you may
7 # not use this file except in compliance with the License. You may obtain
8 # a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15 # License for the specific language governing permissions and limitations
18 # == Definition: keystone::resource::service_identity
20 # This resource configures Keystone resources for an OpenStack service.
25 # Password to create for the service user;
29 # The name of the service user;
30 # string; optional; default to the $title of the resource, i.e. 'nova'
33 # Name of the service;
37 # Type of the service;
40 # [*service_description*]
41 # Description of the service;
42 # string; optional: default to '$name service'
45 # Public endpoint URL;
49 # Internal endpoint URL;
58 # string; optional: default to 'RegionOne'
62 # string; optional: default to 'services'
64 # [*ignore_default_tenant*]
65 # Ignore setting the default tenant value when the user is created.
66 # string; optional: default to false
70 # string; optional: default to ['admin']
74 # string; optional: default to '$auth_name@localhost'
76 # [*configure_endpoint*]
77 # Whether to create the endpoint.
78 # string; optional: default to True
81 # Whether to create the user.
82 # string; optional: default to True
84 # [*configure_user_role*]
85 # Whether to create the user role.
86 # string; optional: default to True
88 # [*configure_service*]
89 # Whether to create the service.
90 # string; optional: default to True
93 # (Optional) Domain for $auth_name
94 # Defaults to undef (use the keystone server default domain)
97 # (Optional) Domain for $tenant (project)
98 # Defaults to undef (use the keystone server default domain)
101 # (Optional) Domain for $auth_name and $tenant (project)
102 # If keystone_user_domain is not specified, use $keystone_default_domain
103 # If keystone_project_domain is not specified, use $keystone_default_domain
106 define keystone::resource::service_identity(
108 $internal_url = false,
111 $service_type = false,
113 $configure_endpoint = true,
114 $configure_user = true,
115 $configure_user_role = true,
116 $configure_service = true,
117 $email = "${name}@localhost",
118 $region = 'RegionOne',
119 $service_name = undef,
120 $service_description = "${name} service",
121 $tenant = 'services',
122 $ignore_default_tenant = false,
124 $user_domain = undef,
125 $project_domain = undef,
126 $default_domain = undef,
128 if $service_name == undef {
129 $service_name_real = $auth_name
131 $service_name_real = $service_name
134 if $user_domain == undef {
135 $user_domain_real = $default_domain
137 $user_domain_real = $user_domain
141 if $user_domain_real {
142 # We have to use ensure_resource here and hope for the best, because we have
143 # no way to know if the $user_domain is the same domain passed as the
144 # $default_domain parameter to class keystone.
145 ensure_resource('keystone_domain', $user_domain_real, {
146 'ensure' => 'present',
150 ensure_resource('keystone_user', $auth_name, {
151 'ensure' => 'present',
153 'password' => $password,
156 'ignore_default_tenant' => $ignore_default_tenant,
157 'domain' => $user_domain_real,
161 if $configure_user_role {
162 ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
163 'ensure' => 'present',
168 if $configure_service {
169 ensure_resource('keystone_service', $service_name_real, {
170 'ensure' => 'present',
171 'type' => $service_type,
172 'description' => $service_description,
176 if $configure_endpoint {
177 ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
178 'ensure' => 'present',
179 'public_url' => $public_url,
180 'admin_url' => $admin_url,
181 'internal_url' => $internal_url,