# List of roles;
# string; optional: default to ['admin']
#
-# [*domain*]
-# User domain (keystone v3), not implemented yet.
-# string; optional: default to undef
-#
# [*email*]
# Service email;
# string; optional: default to '$auth_name@localhost'
# Whether to create the service.
# string; optional: default to True
#
+# [*user_domain*]
+# (Optional) Domain for $auth_name
+# Defaults to undef (use the keystone server default domain)
+#
+# [*project_domain*]
+# (Optional) Domain for $tenant (project)
+# Defaults to undef (use the keystone server default domain)
+#
+# [*default_domain*]
+# (Optional) Domain for $auth_name and $tenant (project)
+# If keystone_user_domain is not specified, use $keystone_default_domain
+# If keystone_project_domain is not specified, use $keystone_default_domain
+# Defaults to undef
+#
define keystone::resource::service_identity(
$admin_url = false,
$internal_url = false,
$configure_user = true,
$configure_user_role = true,
$configure_service = true,
- $domain = undef,
$email = "${name}@localhost",
$region = 'RegionOne',
$service_name = undef,
$tenant = 'services',
$ignore_default_tenant = false,
$roles = ['admin'],
+ $user_domain = undef,
+ $project_domain = undef,
+ $default_domain = undef,
) {
-
- if $domain {
- warning('Keystone domains are not yet managed by puppet-keystone.')
- }
-
if $service_name == undef {
$service_name_real = $auth_name
} else {
$service_name_real = $service_name
}
+ if $user_domain == undef {
+ $user_domain_real = $default_domain
+ } else {
+ $user_domain_real = $user_domain
+ }
+
if $configure_user {
+ if $user_domain_real {
+ # We have to use ensure_resource here and hope for the best, because we have
+ # no way to know if the $user_domain is the same domain passed as the
+ # $default_domain parameter to class keystone.
+ ensure_resource('keystone_domain', $user_domain_real, {
+ 'ensure' => 'present',
+ 'enabled' => true,
+ })
+ }
ensure_resource('keystone_user', $auth_name, {
'ensure' => 'present',
'enabled' => true,
'email' => $email,
'tenant' => $tenant,
'ignore_default_tenant' => $ignore_default_tenant,
+ 'domain' => $user_domain_real,
})
}
'ensure' => 'present',
'roles' => $roles,
})
- if $configure_user {
- Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
- }
}
if $configure_service {