X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Froles%2Fadmin.pp;h=fe43a0fe274fc21ddccac29accdd22e305cd71a7;hb=2dc39f2a756f82040d82cba324b21f44fad8ef3f;hp=4fd5e097040b9b89fdc1d457c4c023897f0c69c7;hpb=4631045ebb77ee8622f6fa09277a50c372bcc02e;p=mirror%2Fdsa-puppet.git

diff --git a/3rdparty/modules/keystone/manifests/roles/admin.pp b/3rdparty/modules/keystone/manifests/roles/admin.pp
index 4fd5e0970..fe43a0fe2 100644
--- a/3rdparty/modules/keystone/manifests/roles/admin.pp
+++ b/3rdparty/modules/keystone/manifests/roles/admin.pp
@@ -1,3 +1,4 @@
+# == Class: keystone::roles::admin
 #
 # This class implements some reasonable admin defaults for keystone.
 #
@@ -8,18 +9,61 @@
 #   * admin role
 #   * adds admin role to admin user on the "admin" tenant
 #
-# [*Parameters*]
+# === Parameters:
 #
-# [email] The email address for the admin. Required.
-# [password] The admin password. Required.
-# [admin_roles] The list of the roles with admin privileges. Optional. Defaults to ['admin'].
-# [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
-# [admin] Admin user. Optional. Defaults to admin.
-# [ignore_default_tenant] Ignore setting the default tenant value when the user is created. Optional. Defaults to false.
-# [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
-# [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
-# [configure_user] Optional. Should the admin user be created? Defaults to 'true'.
-# [configure_user_role] Optional. Should the admin role be configured for the admin user? Defaulst to 'true'.
+# [*email*]
+#   The email address for the admin. Required.
+#
+# [*password*]
+#   The admin password. Required.
+#
+# [*admin_roles*]
+#   The list of the roles with admin privileges. Optional.
+#   Defaults to ['admin'].
+#
+# [*admin_tenant*]
+#   The name of the tenant to be used for admin privileges. Optional.
+#   Defaults to openstack.
+#
+# [*service_tenant*]
+#   The name of service keystone tenant. Optional.
+#   Defaults to 'services'.
+#
+# [*admin*]
+#   Admin user. Optional.
+#   Defaults to admin.
+#
+# [*ignore_default_tenant*]
+#   Ignore setting the default tenant value when the user is created. Optional.
+#   Defaults to false.
+#
+# [*admin_tenant_desc*]
+#   Optional. Description for admin tenant,
+#   Defaults to 'admin tenant'
+#
+# [*service_tenant_desc*]
+#   Optional. Description for admin tenant,
+#   Defaults to 'Tenant for the openstack services'
+#
+# [*configure_user*]
+#   Optional. Should the admin user be created?
+#   Defaults to 'true'.
+#
+# [*configure_user_role*]
+#   Optional. Should the admin role be configured for the admin user?
+#   Defaults to 'true'.
+#
+# [*admin_user_domain*]
+#   Optional.  Domain of the admin user
+#   Defaults to undef (undef will resolve to class keystone $default_domain)
+#
+# [*admin_project_domain*]
+#   Optional.  Domain of the admin tenant
+#   Defaults to undef (undef will resolve to class keystone $default_domain)
+#
+# [*service_project_domain*]
+#   Optional.  Domain for $service_tenant
+#   Defaults to undef (undef will resolve to class keystone $default_domain)
 #
 # == Dependencies
 # == Examples
@@ -43,17 +87,55 @@ class keystone::roles::admin(
   $service_tenant_desc    = 'Tenant for the openstack services',
   $configure_user         = true,
   $configure_user_role    = true,
+  $admin_user_domain      = undef,
+  $admin_project_domain   = undef,
+  $service_project_domain = undef,
 ) {
 
+  if $service_project_domain {
+    if $service_project_domain != $admin_user_domain {
+      if $service_project_domain != $admin_project_domain {
+        keystone_domain { $service_project_domain:
+          ensure  => present,
+          enabled => true,
+        }
+      }
+    }
+  }
+
+  if $admin_project_domain {
+    if $admin_project_domain != $admin_user_domain {
+      if $service_project_domain != $admin_project_domain {
+        keystone_domain { $admin_project_domain:
+          ensure  => present,
+          enabled => true,
+        }
+      }
+    }
+  }
+
+  if $admin_user_domain {
+    if $admin_project_domain != $admin_user_domain {
+      if $service_project_domain != $admin_user_domain {
+        keystone_domain { $admin_user_domain:
+          ensure  => present,
+          enabled => true,
+        }
+      }
+    }
+  }
+
   keystone_tenant { $service_tenant:
     ensure      => present,
     enabled     => true,
     description => $service_tenant_desc,
+    domain      => $service_project_domain,
   }
   keystone_tenant { $admin_tenant:
     ensure      => present,
     enabled     => true,
     description => $admin_tenant_desc,
+    domain      => $admin_project_domain,
   }
   keystone_role { 'admin':
     ensure => present,
@@ -66,6 +148,7 @@ class keystone::roles::admin(
       tenant                => $admin_tenant,
       email                 => $email,
       password              => $password,
+      domain                => $admin_user_domain,
       ignore_default_tenant => $ignore_default_tenant,
     }
   }