X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Fresource%2Fservice_identity.pp;h=4ac132205d4024614a74971e8ab4d8e032f45a69;hb=b0c5fa1bf27e28d72c80d56c0c84f7d301aaaac6;hp=08eaa7f5e5931ea88dbcae7c5f7979393547dcb5;hpb=b8fa2c1a5ec9dbcd1d2f9e9b41afdde4c603aa35;p=mirror%2Fdsa-puppet.git
diff --git a/3rdparty/modules/keystone/manifests/resource/service_identity.pp b/3rdparty/modules/keystone/manifests/resource/service_identity.pp
index 08eaa7f5e..4ac132205 100644
--- a/3rdparty/modules/keystone/manifests/resource/service_identity.pp
+++ b/3rdparty/modules/keystone/manifests/resource/service_identity.pp
@@ -22,76 +22,86 @@
 # == Parameters:
 #
 # [*password*]
-# Password to create for the service user;
-# string; required
+# Password to create for the service user;
+# string; required
 #
 # [*auth_name*]
-# The name of the service user;
-# string; optional; default to the $title of the resource, i.e. 'nova'
+# The name of the service user;
+# string; optional; default to the $title of the resource, i.e. 'nova'
 #
 # [*service_name*]
-# Name of the service;
-# string; required
+# Name of the service;
+# string; required
 #
 # [*service_type*]
-# Type of the service;
-# string; required
+# Type of the service;
+# string; required
 #
 # [*service_description*]
-# Description of the service;
-# string; optional: default to '$name service'
+# Description of the service;
+# string; optional: default to '$name service'
 #
 # [*public_url*]
-# Public endpoint URL;
-# string; required
+# Public endpoint URL;
+# string; required
 #
 # [*internal_url*]
-# Internal endpoint URL;
-# string; required
+# Internal endpoint URL;
+# string; required
 #
 # [*admin_url*]
-# Admin endpoint URL;
-# string; required
+# Admin endpoint URL;
+# string; required
 #
 # [*region*]
-# Endpoint region;
-# string; optional: default to 'RegionOne'
+# Endpoint region;
+# string; optional: default to 'RegionOne'
 #
 # [*tenant*]
-# Service tenant;
-# string; optional: default to 'services'
+# Service tenant;
+# string; optional: default to 'services'
 #
 # [*ignore_default_tenant*]
-# Ignore setting the default tenant value when the user is created.
-# string; optional: default to false
+# Ignore setting the default tenant value when the user is created.
+# string; optional: default to false
 #
 # [*roles*]
-# List of roles;
-# string; optional: default to ['admin']
-#
-# [*domain*]
-# User domain (keystone v3), not implemented yet.
-# string; optional: default to undef
+# List of roles;
+# string; optional: default to ['admin']
 #
 # [*email*]
-# Service email;
-# string; optional: default to '$auth_name@localhost'
+# Service email;
+# string; optional: default to '$auth_name@localhost'
 #
 # [*configure_endpoint*]
-# Whether to create the endpoint.
-# string; optional: default to True
+# Whether to create the endpoint.
+# string; optional: default to True
 #
 # [*configure_user*]
-# Whether to create the user.
-# string; optional: default to True
+# Whether to create the user.
+# string; optional: default to True
 #
 # [*configure_user_role*]
-# Whether to create the user role.
-# string; optional: default to True
+# Whether to create the user role.
+# string; optional: default to True
 #
 # [*configure_service*]
-# Whether to create the service.
-# string; optional: default to True
+# Whether to create the service.
+# string; optional: default to True
+#
+# [*user_domain*]
+# (Optional) Domain for $auth_name
+# Defaults to undef (use the keystone server default domain)
+#
+# [*project_domain*]
+# (Optional) Domain for $tenant (project)
+# Defaults to undef (use the keystone server default domain)
+#
+# [*default_domain*]
+# (Optional) Domain for $auth_name and $tenant (project)
+# If keystone_user_domain is not specified, use $keystone_default_domain
+# If keystone_project_domain is not specified, use $keystone_default_domain
+# Defaults to undef
 #
 define keystone::resource::service_identity(
 $admin_url = false,
@@ -104,7 +114,6 @@ define keystone::resource::service_identity(
 $configure_user = true,
 $configure_user_role = true,
 $configure_service = true,
- $domain = undef,
 $email = "${name}@localhost",
 $region = 'RegionOne',
 $service_name = undef,
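Review bot: The new `[*default_domain*]` text in the first hunk refers to `keystone_user_domain`, `keystone_project_domain` and `$keystone_default_domain`, none of which is a parameter of this define; the signature gains `user_domain`, `project_domain` and `default_domain`. I would reword the two lines to `# If user_domain is not specified, use $default_domain` and `# If project_domain is not specified, use $default_domain`. The `[*user_domain*]` entry should also say that a non-undef value (directly or via `default_domain`) makes the define declare a `keystone_domain` resource with `'enabled' => true`, because that side effect on the identity backend is not visible from the parameter list.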
@@ -112,19 +121,32 @@ define keystone::resource::service_identity( $tenant = 'services', $ignore_default_tenant = false, $roles = ['admin'], + $user_domain = undef, + $project_domain = undef, + $default_domain = undef, ) { - - if $domain { - warning('Keystone domains are not yet managed by puppet-keystone.') - } - if $service_name == undef { $service_name_real = $auth_name } else { $service_name_real = $service_name } + if $user_domain == undef { + $user_domain_real = $default_domain + } else { + $user_domain_real = $user_domain + } + if $configure_user { + if $user_domain_real { + # We have to use ensure_resource here and hope for the best, because we have + # no way to know if the $user_domain is the same domain passed as the + # $default_domain parameter to class keystone. + ensure_resource('keystone_domain', $user_domain_real, { + 'ensure' => 'present', + 'enabled' => true, + }) + } ensure_resource('keystone_user', $auth_name, { 'ensure' => 'present', 'enabled' => true, @@ -132,6 +154,7 @@ define keystone::resource::service_identity( 'email' => $email, 'tenant' => $tenant, 'ignore_default_tenant' => $ignore_default_tenant, + 'domain' => $user_domain_real, }) } @@ -140,9 +163,6 @@ define keystone::resource::service_identity( 'ensure' => 'present', 'roles' => $roles, }) - if $configure_user { - Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"] - } } if $configure_service {
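Review bot: `$project_domain` is added to the signature in the `@@ -112,19 +121,32 @@` hunk, but nothing in the visible hunks reads it: only `$user_domain_real` is derived, and `keystone_user` still receives a bare `'tenant' => $tenant` beside the new `'domain'` attribute. If the parameter is not consumed in the part of the define outside these hunks, a service user placed in a non-default domain would presumably have its project and role assignment looked up by name alone, and Keystone v3 names are unique only within a domain. I would derive a `$project_domain_real` with the same undef-falls-back-to-`$default_domain` pattern and pass it wherever `$tenant` is resolved, or drop the parameter until it is wired up. Separately, `ensure_resource('keystone_domain', $user_domain_real, {...})` pins `'enabled' => true`, so a domain that is not declared elsewhere in the catalog but was disabled in Keystone would be switched back on; the existing "hope for the best" comment should spell that out, e.g. `# NOTE: this enforces enabled => true on the domain if no other class declares it`.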