+++ /dev/null
-# == Class: keystone::roles::admin
-#
-# This class implements some reasonable admin defaults for keystone.
-#
-# It creates the following keystone objects:
-# * service tenant (tenant used by all service users)
-# * "admin" tenant (defaults to "openstack")
-# * admin user (that defaults to the "admin" tenant)
-# * admin role
-# * adds admin role to admin user on the "admin" tenant
-#
-# === Parameters:
-#
-# [*email*]
-# The email address for the admin. Required.
-#
-# [*password*]
-# The admin password. Required.
-#
-# [*admin_roles*]
-# The list of the roles with admin privileges. Optional.
-# Defaults to ['admin'].
-#
-# [*admin_tenant*]
-# The name of the tenant to be used for admin privileges. Optional.
-# Defaults to openstack.
-#
-# [*service_tenant*]
-# The name of service keystone tenant. Optional.
-# Defaults to 'services'.
-#
-# [*admin*]
-# Admin user. Optional.
-# Defaults to admin.
-#
-# [*ignore_default_tenant*]
-# Ignore setting the default tenant value when the user is created. Optional.
-# Defaults to false.
-#
-# [*admin_tenant_desc*]
-# Optional. Description for admin tenant,
-# Defaults to 'admin tenant'
-#
-# [*service_tenant_desc*]
-# Optional. Description for admin tenant,
-# Defaults to 'Tenant for the openstack services'
-#
-# [*configure_user*]
-# Optional. Should the admin user be created?
-# Defaults to 'true'.
-#
-# [*configure_user_role*]
-# Optional. Should the admin role be configured for the admin user?
-# Defaults to 'true'.
-#
-# [*admin_user_domain*]
-# Optional. Domain of the admin user
-# Defaults to undef (undef will resolve to class keystone $default_domain)
-#
-# [*admin_project_domain*]
-# Optional. Domain of the admin tenant
-# Defaults to undef (undef will resolve to class keystone $default_domain)
-#
-# [*service_project_domain*]
-# Optional. Domain for $service_tenant
-# Defaults to undef (undef will resolve to class keystone $default_domain)
-#
-# == Dependencies
-# == Examples
-# == Authors
-#
-# Dan Bode dan@puppetlabs.com
-#
-# == Copyright
-#
-# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
-#
-class keystone::roles::admin(
- $email,
- $password,
- $admin = 'admin',
- $admin_tenant = 'openstack',
- $admin_roles = ['admin'],
- $service_tenant = 'services',
- $ignore_default_tenant = false,
- $admin_tenant_desc = 'admin tenant',
- $service_tenant_desc = 'Tenant for the openstack services',
- $configure_user = true,
- $configure_user_role = true,
- $admin_user_domain = undef,
- $admin_project_domain = undef,
- $service_project_domain = undef,
-) {
-
- if $service_project_domain {
- if $service_project_domain != $admin_user_domain {
- if $service_project_domain != $admin_project_domain {
- keystone_domain { $service_project_domain:
- ensure => present,
- enabled => true,
- }
- }
- }
- }
-
- if $admin_project_domain {
- if $admin_project_domain != $admin_user_domain {
- if $service_project_domain != $admin_project_domain {
- keystone_domain { $admin_project_domain:
- ensure => present,
- enabled => true,
- }
- }
- }
- }
-
- if $admin_user_domain {
- if $admin_project_domain != $admin_user_domain {
- if $service_project_domain != $admin_user_domain {
- keystone_domain { $admin_user_domain:
- ensure => present,
- enabled => true,
- }
- }
- }
- }
-
- keystone_tenant { $service_tenant:
- ensure => present,
- enabled => true,
- description => $service_tenant_desc,
- domain => $service_project_domain,
- }
- keystone_tenant { $admin_tenant:
- ensure => present,
- enabled => true,
- description => $admin_tenant_desc,
- domain => $admin_project_domain,
- }
- keystone_role { 'admin':
- ensure => present,
- }
-
- if $configure_user {
- keystone_user { $admin:
- ensure => present,
- enabled => true,
- tenant => $admin_tenant,
- email => $email,
- password => $password,
- domain => $admin_user_domain,
- ignore_default_tenant => $ignore_default_tenant,
- }
- }
-
- if $configure_user_role {
- keystone_user_role { "${admin}@${admin_tenant}":
- ensure => present,
- roles => $admin_roles,
- }
- }
-
-}