X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Fresource%2Fauthtoken.pp;fp=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Fresource%2Fauthtoken.pp;h=0000000000000000000000000000000000000000;hb=6e1426dc77fb4e5d51f07c187c6f2219431dc31e;hp=5165abb3a1bd5df7b4c6cc3d526e65829ffc8a19;hpb=87423ba664cd5f2bb462ebadd08b1a90d0fe1c8d;p=mirror%2Fdsa-puppet.git diff --git a/3rdparty/modules/keystone/manifests/resource/authtoken.pp b/3rdparty/modules/keystone/manifests/resource/authtoken.pp deleted file mode 100644 index 5165abb3a..000000000 --- a/3rdparty/modules/keystone/manifests/resource/authtoken.pp +++ /dev/null @@ -1,253 +0,0 @@ -# == Definition: keystone::resource::authtoken -# -# This resource configures Keystone authentication resources for an OpenStack -# service. It will manage the [keystone_authtoken] section in the given -# config resource. It supports all of the authentication parameters specified -# at http://www.jamielennox.net/blog/2015/02/17/loading-authentication-plugins/ -# with the addition of the default domain for user and project. -# -# The username and project_name parameters may be given in the form -# "name::domainname". The authtoken resource will use the domains in -# the following order: -# 1) The given domain parameter (user_domain_name or project_domain_name) -# 2) The domain given as the "::domainname" part of username or project_name -# 3) The default_domain_name -# -# For example, instead of doing this:: -# -# glance_api_config { -# 'keystone_authtoken/admin_tenant_name': value => $keystone_tenant; -# 'keystone_authtoken/admin_user' : value => $keystone_user; -# 'keystone_authtoken/admin_password' : value => $keystone_password; -# secret => true; -# ... -# } -# -# manifests should do this instead:: -# -# keystone::resource::authtoken { 'glance_api_config': -# username => $keystone_user, -# password => $keystone_password, -# auth_url => $real_identity_uri, -# project_name => $keystone_tenant, -# user_domain_name => $keystone_user_domain, -# project_domain_name => $keystone_project_domain, -# default_domain_name => $keystone_default_domain, -# cacert => $ca_file, -# ... -# } -# -# The use of `keystone::resource::authtoken` makes it easy to avoid mistakes, -# and makes it easier to support some of the newer authentication types coming -# with Keystone Kilo and later, such as Kerberos, Federation, etc. -# -# == Parameters: -# -# [*name*] -# The name of the resource corresponding to the config file. For example, -# keystone::resource::authtoken { 'glance_api_config': ... } -# Where 'glance_api_config' is the name of the resource used to manage -# the glance api configuration. -# string; required -# -# [*username*] -# The name of the service user; -# string; required -# -# [*password*] -# Password to create for the service user; -# string; required -# -# [*auth_url*] -# The URL to use for authentication. -# string; required -# -# [*auth_plugin*] -# The plugin to use for authentication. -# string; optional: default to 'password' -# -# [*user_id*] -# The ID of the service user; -# string; optional: default to undef -# -# [*user_domain_name*] -# (Optional) Name of domain for $username -# Defaults to undef -# -# [*user_domain_id*] -# (Optional) ID of domain for $username -# Defaults to undef -# -# [*project_name*] -# Service project name; -# string; optional: default to undef -# -# [*project_id*] -# Service project ID; -# string; optional: default to undef -# -# [*project_domain_name*] -# (Optional) Name of domain for $project_name -# Defaults to undef -# -# [*project_domain_id*] -# (Optional) ID of domain for $project_name -# Defaults to undef -# -# [*domain_name*] -# (Optional) Use this for auth to obtain a domain-scoped token. -# If using this option, do not specify $project_name or $project_id. -# Defaults to undef -# -# [*domain_id*] -# (Optional) Use this for auth to obtain a domain-scoped token. -# If using this option, do not specify $project_name or $project_id. -# Defaults to undef -# -# [*default_domain_name*] -# (Optional) Name of domain for $username and $project_name -# If user_domain_name is not specified, use $default_domain_name -# If project_domain_name is not specified, use $default_domain_name -# Defaults to undef -# -# [*default_domain_id*] -# (Optional) ID of domain for $user_id and $project_id -# If user_domain_id is not specified, use $default_domain_id -# If project_domain_id is not specified, use $default_domain_id -# Defaults to undef -# -# [*trust_id*] -# (Optional) Trust ID -# Defaults to undef -# -# [*cacert*] -# (Optional) CA certificate file for TLS (https) -# Defaults to undef -# -# [*cert*] -# (Optional) Certificate file for TLS (https) -# Defaults to undef -# -# [*key*] -# (Optional) Key file for TLS (https) -# Defaults to undef -# -# [*insecure*] -# If true, explicitly allow TLS without checking server cert against any -# certificate authorities. WARNING: not recommended. Use with caution. -# boolean; Defaults to false (which means be secure) -# -define keystone::resource::authtoken( - $username, - $password, - $auth_url, - $auth_plugin = 'password', - $user_id = undef, - $user_domain_name = undef, - $user_domain_id = undef, - $project_name = undef, - $project_id = undef, - $project_domain_name = undef, - $project_domain_id = undef, - $domain_name = undef, - $domain_id = undef, - $default_domain_name = undef, - $default_domain_id = undef, - $trust_id = undef, - $cacert = undef, - $cert = undef, - $key = undef, - $insecure = false, -) { - - if !$project_name and !$project_id and !$domain_name and !$domain_id { - fail('Must specify either a project (project_name or project_id, for a project scoped token) or a domain (domain_name or domain_id, for a domain scoped token)') - } - - if ($project_name or $project_id) and ($domain_name or $domain_id) { - fail('Cannot specify both a project (project_name or project_id) and a domain (domain_name or domain_id)') - } - - $user_and_domain_array = split($username, '::') - $real_username = $user_and_domain_array[0] - $real_user_domain_name = pick($user_domain_name, $user_and_domain_array[1], $default_domain_name, '__nodomain__') - - $project_and_domain_array = split($project_name, '::') - $real_project_name = $project_and_domain_array[0] - $real_project_domain_name = pick($project_domain_name, $project_and_domain_array[1], $default_domain_name, '__nodomain__') - - create_resources($name, {'keystone_authtoken/auth_plugin' => {'value' => $auth_plugin}}) - create_resources($name, {'keystone_authtoken/auth_url' => {'value' => $auth_url}}) - create_resources($name, {'keystone_authtoken/username' => {'value' => $real_username}}) - create_resources($name, {'keystone_authtoken/password' => {'value' => $password, 'secret' => true}}) - if $user_id { - create_resources($name, {'keystone_authtoken/user_id' => {'value' => $user_id}}) - } else { - create_resources($name, {'keystone_authtoken/user_id' => {'ensure' => 'absent'}}) - } - if $real_user_domain_name == '__nodomain__' { - create_resources($name, {'keystone_authtoken/user_domain_name' => {'ensure' => 'absent'}}) - } else { - create_resources($name, {'keystone_authtoken/user_domain_name' => {'value' => $real_user_domain_name}}) - } - if $user_domain_id { - create_resources($name, {'keystone_authtoken/user_domain_id' => {'value' => $user_domain_id}}) - } elsif $default_domain_id { - create_resources($name, {'keystone_authtoken/user_domain_id' => {'value' => $default_domain_id}}) - } else { - create_resources($name, {'keystone_authtoken/user_domain_id' => {'ensure' => 'absent'}}) - } - if $project_name { - create_resources($name, {'keystone_authtoken/project_name' => {'value' => $real_project_name}}) - } else { - create_resources($name, {'keystone_authtoken/project_name' => {'ensure' => 'absent'}}) - } - if $project_id { - create_resources($name, {'keystone_authtoken/project_id' => {'value' => $project_id}}) - } else { - create_resources($name, {'keystone_authtoken/project_id' => {'ensure' => 'absent'}}) - } - if $real_project_domain_name == '__nodomain__' { - create_resources($name, {'keystone_authtoken/project_domain_name' => {'ensure' => 'absent'}}) - } else { - create_resources($name, {'keystone_authtoken/project_domain_name' => {'value' => $real_project_domain_name}}) - } - if $project_domain_id { - create_resources($name, {'keystone_authtoken/project_domain_id' => {'value' => $project_domain_id}}) - } elsif $default_domain_id { - create_resources($name, {'keystone_authtoken/project_domain_id' => {'value' => $default_domain_id}}) - } else { - create_resources($name, {'keystone_authtoken/project_domain_id' => {'ensure' => 'absent'}}) - } - if $domain_name { - create_resources($name, {'keystone_authtoken/domain_name' => {'value' => $domain_name}}) - } else { - create_resources($name, {'keystone_authtoken/domain_name' => {'ensure' => 'absent'}}) - } - if $domain_id { - create_resources($name, {'keystone_authtoken/domain_id' => {'value' => $domain_id}}) - } else { - create_resources($name, {'keystone_authtoken/domain_id' => {'ensure' => 'absent'}}) - } - if $trust_id { - create_resources($name, {'keystone_authtoken/trust_id' => {'value' => $trust_id}}) - } else { - create_resources($name, {'keystone_authtoken/trust_id' => {'ensure' => 'absent'}}) - } - if $cacert { - create_resources($name, {'keystone_authtoken/cacert' => {'value' => $cacert}}) - } else { - create_resources($name, {'keystone_authtoken/cacert' => {'ensure' => 'absent'}}) - } - if $cert { - create_resources($name, {'keystone_authtoken/cert' => {'value' => $cert}}) - } else { - create_resources($name, {'keystone_authtoken/cert' => {'ensure' => 'absent'}}) - } - if $key { - create_resources($name, {'keystone_authtoken/key' => {'value' => $key}}) - } else { - create_resources($name, {'keystone_authtoken/key' => {'ensure' => 'absent'}}) - } - create_resources($name, {'keystone_authtoken/insecure' => {'value' => $insecure}}) -}