Extract module for keystone domain management
This commit is contained in:
parent
b65bd39615
commit
02e91f8897
2 changed files with 123 additions and 577 deletions
|
@ -1,577 +0,0 @@
|
||||||
#!/usr/bin/python
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
from __builtin__ import False
|
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
|
||||||
---
|
|
||||||
module: keystone_v3
|
|
||||||
version_added: "1.0"
|
|
||||||
short_description: Manage OpenStack Identity (keystone v3) users, tenants and roles
|
|
||||||
description:
|
|
||||||
- Manage users,tenants, roles from OpenStack.
|
|
||||||
requirements: [ python-keystoneclient ]
|
|
||||||
author: Haneef Ali
|
|
||||||
'''
|
|
||||||
|
|
||||||
EXAMPLES = '''
|
|
||||||
# Create a project
|
|
||||||
- keystone_v3: action="create_project" project_name=demo
|
|
||||||
description="Default Tenant" project_domain_name="Default"
|
|
||||||
|
|
||||||
# Create a user
|
|
||||||
- keystone_v3: action="create_user" user_name=demo
|
|
||||||
description="Default User" user_domain_name="Default"
|
|
||||||
|
|
||||||
# Create a domain
|
|
||||||
- keystone_v3: action="create_domain" domain_name=demo
|
|
||||||
description="Default User"
|
|
||||||
|
|
||||||
# Grant admin role to the john user in the demo tenant
|
|
||||||
- keystone_v3: action="grant_project_role" project__name=demo
|
|
||||||
role_name=admin user_name=john user_domain_name=Default
|
|
||||||
project_domain_name=Default
|
|
||||||
'''
|
|
||||||
|
|
||||||
|
|
||||||
from keystoneclient.v3 import client as v3client
|
|
||||||
from keystoneclient.auth.identity import v3
|
|
||||||
from keystoneclient.auth import token_endpoint
|
|
||||||
from keystoneclient import session
|
|
||||||
|
|
||||||
|
|
||||||
def _get_client(auth_url=None, token=None, login_username=None, login_password=None, login_project_name=None,
|
|
||||||
login_project_domain_name=None, login_user_domain_name=None, login_domain_name=None,
|
|
||||||
insecure=True, ca_cert=None):
|
|
||||||
"""Return a ks_client client object"""
|
|
||||||
|
|
||||||
auth_plugin = None
|
|
||||||
if token:
|
|
||||||
auth_plugin = token_endpoint.Token(endpoint=auth_url, token=token)
|
|
||||||
else:
|
|
||||||
auth_plugin = v3.Password(auth_url=auth_url, username=login_username, password=login_password,
|
|
||||||
project_name=login_project_name, project_domain_name=login_project_domain_name,
|
|
||||||
user_domain_name=login_user_domain_name, domain_name=login_domain_name)
|
|
||||||
|
|
||||||
# Force validation if ca_cert is provided
|
|
||||||
if ca_cert:
|
|
||||||
insecure = False
|
|
||||||
auth_session = session.Session(
|
|
||||||
auth=auth_plugin, verify=insecure, cert=ca_cert)
|
|
||||||
return v3client.Client(auth_url=auth_url, session=auth_session)
|
|
||||||
|
|
||||||
|
|
||||||
def _find_domain(ks_client, domain_name=None):
|
|
||||||
domains = ks_client.domains.list(name=domain_name)
|
|
||||||
return domains[0] if len(domains) else None
|
|
||||||
|
|
||||||
|
|
||||||
def _delete_domain(ks_client, domain=None):
|
|
||||||
|
|
||||||
ks_client.domains.update(domain, enabled=False)
|
|
||||||
return ks_client.domains.delete(domain)
|
|
||||||
|
|
||||||
|
|
||||||
def _create_domain(ks_client, domain_name=None, description=None):
|
|
||||||
return ks_client.domains.create(name=domain_name, description=description)
|
|
||||||
|
|
||||||
|
|
||||||
def _find_user(ks_client, domain_name=None, user_name=None):
|
|
||||||
domain = _find_domain(ks_client, domain_name=domain_name)
|
|
||||||
|
|
||||||
if domain:
|
|
||||||
users = ks_client.users.list(domain=domain, name=user_name)
|
|
||||||
if len(users):
|
|
||||||
return users[0]
|
|
||||||
|
|
||||||
|
|
||||||
def _create_user(ks_client, user_name=None, user_password=None, domain_name=None,
|
|
||||||
email=None, description=None):
|
|
||||||
|
|
||||||
domain = _find_domain(ks_client, domain_name)
|
|
||||||
return ks_client.users.create(name=user_name, password=user_password,
|
|
||||||
description=description,
|
|
||||||
email=email, domain=domain)
|
|
||||||
|
|
||||||
|
|
||||||
def _delete_user(ks_client, user=None):
|
|
||||||
ks_client.users.update(user=user, enabled=False)
|
|
||||||
ks_client.users.delete(user=user)
|
|
||||||
|
|
||||||
|
|
||||||
def _find_project(ks_client, domain_name=None, project_name=None):
|
|
||||||
domain = _find_domain(ks_client, domain_name=domain_name)
|
|
||||||
|
|
||||||
if domain:
|
|
||||||
projects = ks_client.projects.list(domain=domain, name=project_name)
|
|
||||||
if len(projects):
|
|
||||||
return projects[0]
|
|
||||||
|
|
||||||
|
|
||||||
def _create_project(ks_client, project_name=None, domain_name=None,
|
|
||||||
description=None):
|
|
||||||
|
|
||||||
domain = _find_domain(ks_client, domain_name)
|
|
||||||
return ks_client.projects.create(name=project_name,
|
|
||||||
description=description,
|
|
||||||
domain=domain)
|
|
||||||
|
|
||||||
|
|
||||||
def _delete_project(ks_client, project=None):
|
|
||||||
ks_client.projects.update(project=project, enabled=False)
|
|
||||||
ks_client.projects.delete(project=project)
|
|
||||||
|
|
||||||
|
|
||||||
def _find_role(ks_client, role_name=None):
|
|
||||||
roles = ks_client.roles.list(name=role_name)
|
|
||||||
return roles[0] if len(roles) else None
|
|
||||||
|
|
||||||
|
|
||||||
def _delete_role(ks_client, role=None):
|
|
||||||
return ks_client.roles.delete(role)
|
|
||||||
|
|
||||||
|
|
||||||
def _create_role(ks_client, role_name=None, description=None):
|
|
||||||
return ks_client.roles.create(name=role_name, description=description)
|
|
||||||
|
|
||||||
|
|
||||||
def _grant_roles(ks_client, role=None, project=None, user=None, domain=None):
|
|
||||||
return ks_client.roles.grant(role=role, project=project, user=user, domain=domain)
|
|
||||||
|
|
||||||
|
|
||||||
def _revoke_roles(ks_client, role=None, project=None, user=None, domain=None):
|
|
||||||
return ks_client.roles.revoke(role=role, project=project, user=user, domain=domain)
|
|
||||||
|
|
||||||
def _find_service(ks_client, service_name=None, service_type=None):
|
|
||||||
services = ks_client.services.list(name=service_name,
|
|
||||||
type=service_type)
|
|
||||||
return services[0] if len(services) else None
|
|
||||||
|
|
||||||
def _create_service(ks_client, service_name=None, service_type=None,
|
|
||||||
description=None):
|
|
||||||
return ks_client.services.create(name=service_name, type=service_type,
|
|
||||||
description=description)
|
|
||||||
|
|
||||||
def _delete_service(ks_client, service_name=None):
|
|
||||||
return ks_client.services.delete(name=service_name)
|
|
||||||
|
|
||||||
def _find_endpoint(ks_client, service=None, interface=None):
|
|
||||||
|
|
||||||
endpoints = ks_client.endpoints.list(service=service, interface=interface)
|
|
||||||
return endpoints[0] if len(endpoints) else None
|
|
||||||
|
|
||||||
def _create_endpoint(ks_client, service=None, url=None,
|
|
||||||
interface=None, region=None):
|
|
||||||
return ks_client.endpoints.create(service=service, url=url,
|
|
||||||
interface=interface, region=region)
|
|
||||||
|
|
||||||
def find_domain(ks_client, domain_name=None):
|
|
||||||
domain = _find_domain(ks_client, domain_name=domain_name)
|
|
||||||
result, domain = (True, domain) if (domain) else (False, None)
|
|
||||||
return result, domain
|
|
||||||
|
|
||||||
|
|
||||||
def create_domain(ks_client, domain_name=None, description=None):
|
|
||||||
|
|
||||||
domain = _find_domain(ks_client, domain_name=domain_name)
|
|
||||||
|
|
||||||
if domain:
|
|
||||||
return (False, domain)
|
|
||||||
|
|
||||||
# Domain with that name doesn't exist
|
|
||||||
domain = _create_domain(
|
|
||||||
ks_client, domain_name=domain_name, description=description)
|
|
||||||
return (True, domain)
|
|
||||||
|
|
||||||
|
|
||||||
def delete_domain(ks_client, domain_name=None):
|
|
||||||
|
|
||||||
domain = _find_domain(ks_client, domain_name=domain_name)
|
|
||||||
|
|
||||||
if domain:
|
|
||||||
_delete_domain(ks_client, domain=domain)
|
|
||||||
return (True, domain)
|
|
||||||
|
|
||||||
# Domain with that name doesn't exist
|
|
||||||
return (False, None)
|
|
||||||
|
|
||||||
|
|
||||||
def find_user(ks_client, user_name=None, domain_name=None):
|
|
||||||
user = _find_user(ks_client, domain_name=domain_name, user_name=user_name)
|
|
||||||
result, user = (True, user) if user else (False, None)
|
|
||||||
return result, user
|
|
||||||
|
|
||||||
|
|
||||||
def create_user(ks_client, user_name=None, user_password=None, domain_name=None,
|
|
||||||
email=None, description=None):
|
|
||||||
|
|
||||||
user = _find_user(ks_client, user_name=user_name, domain_name=domain_name)
|
|
||||||
|
|
||||||
if user:
|
|
||||||
return (False, user)
|
|
||||||
|
|
||||||
# User with that name doesn't exist
|
|
||||||
user = _create_user(ks_client, user_name=user_name,
|
|
||||||
user_password=user_password, domain_name=domain_name,
|
|
||||||
email=email, description=description)
|
|
||||||
return (True, user)
|
|
||||||
|
|
||||||
|
|
||||||
def delete_user(ks_client, user_name=None, domain_name=None):
|
|
||||||
|
|
||||||
user = _find_user(ks_client, domain_name=domain_name, user_name=user_name)
|
|
||||||
|
|
||||||
if user:
|
|
||||||
_delete_user(ks_client, user=user)
|
|
||||||
return (True, user)
|
|
||||||
|
|
||||||
# User with that name doesn't exist
|
|
||||||
return (False, None)
|
|
||||||
|
|
||||||
|
|
||||||
def find_project(ks_client, project_name=None, domain_name=None):
|
|
||||||
project = _find_project(
|
|
||||||
ks_client, domain_name=domain_name, project_name=project_name)
|
|
||||||
result, project = (True, project) if project else (False, None)
|
|
||||||
return result, project
|
|
||||||
|
|
||||||
|
|
||||||
def create_project(ks_client, project_name=None, domain_name=None,
|
|
||||||
description=None):
|
|
||||||
|
|
||||||
project = _find_project(
|
|
||||||
ks_client, project_name=project_name, domain_name=domain_name)
|
|
||||||
|
|
||||||
if project:
|
|
||||||
return (False, project)
|
|
||||||
|
|
||||||
# Project with that name doesn't exist
|
|
||||||
project = _create_project(ks_client, project_name=project_name,
|
|
||||||
domain_name=domain_name, description=description)
|
|
||||||
return (True, project)
|
|
||||||
|
|
||||||
|
|
||||||
def delete_project(ks_client, project_name=None, domain_name=None):
|
|
||||||
|
|
||||||
project = _find_project(
|
|
||||||
ks_client, domain_name=domain_name, project_name=project_name)
|
|
||||||
|
|
||||||
if project:
|
|
||||||
_delete_project(ks_client, project=project)
|
|
||||||
return (True, project)
|
|
||||||
|
|
||||||
# Project with that name doesn't exist
|
|
||||||
return (False, None)
|
|
||||||
|
|
||||||
|
|
||||||
def find_role(ks_client, role_name=None):
|
|
||||||
role = _find_role(ks_client, role_name=role_name)
|
|
||||||
result, role = (True, role) if (role) else (False, None)
|
|
||||||
return result, role
|
|
||||||
|
|
||||||
|
|
||||||
def create_role(ks_client, role_name=None, description=None):
|
|
||||||
|
|
||||||
role = _find_role(ks_client, role_name=role_name)
|
|
||||||
|
|
||||||
if role:
|
|
||||||
return (False, role)
|
|
||||||
|
|
||||||
# role with that name doesn't exist
|
|
||||||
role = _create_role(
|
|
||||||
ks_client, role_name=role_name, description=description)
|
|
||||||
return (True, role)
|
|
||||||
|
|
||||||
|
|
||||||
def delete_role(ks_client, role_name=None):
|
|
||||||
|
|
||||||
role = _find_role(ks_client, role_name=role_name)
|
|
||||||
|
|
||||||
if role:
|
|
||||||
_delete_role(ks_client, role=role)
|
|
||||||
return (True, role)
|
|
||||||
|
|
||||||
# role with that name doesn't exist
|
|
||||||
return (False, None)
|
|
||||||
|
|
||||||
|
|
||||||
def _grant_or_revoke_project_role(ks_client, role_name=None, user_name=None, project_name=None,
|
|
||||||
user_domain_name=None, project_domain_name=None, grant=True):
|
|
||||||
|
|
||||||
role = _find_role(ks_client, role_name=role_name)
|
|
||||||
user = _find_user(
|
|
||||||
ks_client, user_name=user_name, domain_name=user_domain_name)
|
|
||||||
project = _find_project(
|
|
||||||
ks_client, project_name=project_name, domain_name=project_domain_name)
|
|
||||||
|
|
||||||
if (user and role and project):
|
|
||||||
if (grant):
|
|
||||||
_grant_roles(ks_client, role=role, project=project, user=user)
|
|
||||||
else:
|
|
||||||
_revoke_roles(ks_client, role=role, project=project, user=user)
|
|
||||||
return (True, "OK")
|
|
||||||
|
|
||||||
return (False, "Not able to find user/role/project with the given inputs")
|
|
||||||
|
|
||||||
|
|
||||||
def _grant_or_revoke_domain_role(ks_client, role_name=None, user_name=None,
|
|
||||||
user_domain_name=None, domain_name=None, grant=True):
|
|
||||||
|
|
||||||
role = _find_role(ks_client, role_name=role_name)
|
|
||||||
user = _find_user(
|
|
||||||
ks_client, user_name=user_name, domain_name=user_domain_name)
|
|
||||||
domain = _find_domain(ks_client, domain_name=domain_name)
|
|
||||||
|
|
||||||
if (user and role and domain):
|
|
||||||
if (grant):
|
|
||||||
_grant_roles(ks_client, role=role, domain=domain, user=user)
|
|
||||||
else:
|
|
||||||
_revoke_roles(ks_client, role=role, domain=domain, user=user)
|
|
||||||
return (True, "OK")
|
|
||||||
|
|
||||||
return (False, "Not able to find user/role/domain with the given inputs")
|
|
||||||
|
|
||||||
|
|
||||||
def grant_project_role(ks_client, role_name=None, user_name=None, project_name=None,
|
|
||||||
user_domain_name=None, project_domain_name=None):
|
|
||||||
|
|
||||||
return _grant_or_revoke_project_role(ks_client, role_name=role_name, user_name=user_name,
|
|
||||||
project_name=project_name, user_domain_name=user_domain_name,
|
|
||||||
project_domain_name=project_domain_name, grant=True)
|
|
||||||
|
|
||||||
|
|
||||||
def revoke_project_role(ks_client, role_name=None, user_name=None, project_name=None,
|
|
||||||
user_domain_name=None, project_domain_name=None):
|
|
||||||
|
|
||||||
return _grant_or_revoke_project_role(ks_client, role_name=role_name, user_name=user_name,
|
|
||||||
project_name=project_name, user_domain_name=user_domain_name,
|
|
||||||
project_domain_name=project_domain_name, grant=False)
|
|
||||||
|
|
||||||
|
|
||||||
def grant_domain_role(ks_client, role_name=None, user_name=None, domain_name=None,
|
|
||||||
user_domain_name=None):
|
|
||||||
|
|
||||||
return _grant_or_revoke_domain_role(ks_client, role_name=role_name, user_name=user_name,
|
|
||||||
user_domain_name=user_domain_name,
|
|
||||||
domain_name=domain_name, grant=True)
|
|
||||||
|
|
||||||
|
|
||||||
def revoke_domain_role(ks_client, role_name=None, user_name=None, domain_name=None,
|
|
||||||
user_domain_name=None):
|
|
||||||
return _grant_or_revoke_domain_role(ks_client, role_name=role_name, user_name=user_name,
|
|
||||||
user_domain_name=user_domain_name,
|
|
||||||
domain_name=domain_name, grant=False)
|
|
||||||
|
|
||||||
def create_service(ks_client, service_name=None, service_type=None,
|
|
||||||
description=None):
|
|
||||||
|
|
||||||
service = _find_service(ks_client, service_name=service_name,
|
|
||||||
service_type=service_type)
|
|
||||||
|
|
||||||
if service:
|
|
||||||
return (False, service)
|
|
||||||
|
|
||||||
# Service with that name doesn't exist
|
|
||||||
service = _create_service(
|
|
||||||
ks_client, service_name=service_name, service_type=service_type,
|
|
||||||
description=description)
|
|
||||||
return (True, service)
|
|
||||||
|
|
||||||
def create_endpoint(ks_client, service_name=None, region=None,
|
|
||||||
admin_url=None, internal_url=None,
|
|
||||||
public_url=None):
|
|
||||||
|
|
||||||
service = _find_service(ks_client, service_name=service_name)
|
|
||||||
|
|
||||||
if not service:
|
|
||||||
raise Exception("Service with the name=%s doesn't exist" %(service_name))
|
|
||||||
|
|
||||||
# Here we are checking only public endpoint, that should be fine
|
|
||||||
endpoint = _find_endpoint(ks_client, service=service, interface="public")
|
|
||||||
if endpoint:
|
|
||||||
return (False, endpoint)
|
|
||||||
|
|
||||||
public_endpoint = _create_endpoint(
|
|
||||||
ks_client, service=service, interface="public", region=region,
|
|
||||||
url=public_url)
|
|
||||||
internal_endpoint = _create_endpoint(
|
|
||||||
ks_client, service=service, interface="internal", region=region,
|
|
||||||
url=internal_url)
|
|
||||||
public_endpint = _create_endpoint(
|
|
||||||
ks_client, service=service, interface="admin", region=region,
|
|
||||||
url=admin_url)
|
|
||||||
|
|
||||||
return (True, public_endpint)
|
|
||||||
|
|
||||||
def process_params(module):
|
|
||||||
|
|
||||||
user_name = module.params.get("user_name", None)
|
|
||||||
user_password = module.params.get("user_password", None)
|
|
||||||
email = module.params.get("email", None)
|
|
||||||
description = module.params.get("description", None)
|
|
||||||
user_domain_name = module.params.get("user_domain_name", None)
|
|
||||||
|
|
||||||
domain_name = module.params.get("domain_name", None)
|
|
||||||
|
|
||||||
project_name = module.params.get("project_name", None)
|
|
||||||
project_domain_name = module.params.get("project_domain_name", None)
|
|
||||||
|
|
||||||
role_name = module.params.get("role_name", None)
|
|
||||||
|
|
||||||
service_name = module.params.get("service_name", None)
|
|
||||||
service_type = module.params.get("service_type", None)
|
|
||||||
region = module.params.get("region", None)
|
|
||||||
admin_url = module.params.get("admin_url", None)
|
|
||||||
internal_url = module.params.get("internal_url", None)
|
|
||||||
public_url = module.params.get("public_url", None)
|
|
||||||
|
|
||||||
action = module.params["action"]
|
|
||||||
|
|
||||||
if (action == "find_domain" or action == "delete_domain"):
|
|
||||||
kwargs = dict(domain_name=domain_name)
|
|
||||||
elif (action == "create_domain"):
|
|
||||||
kwargs = dict(domain_name=domain_name, description=description)
|
|
||||||
elif (action == "find_user" or action == "delete_user"):
|
|
||||||
kwargs = dict(domain_name=user_domain_name, user_name=user_name)
|
|
||||||
elif (action == "create_user"):
|
|
||||||
kwargs = dict(domain_name=user_domain_name, description=description, user_name=user_name,
|
|
||||||
email=email, user_password=user_password)
|
|
||||||
elif (action == "find_project" or action == "delete_project"):
|
|
||||||
kwargs = dict(
|
|
||||||
domain_name=project_domain_name, project_name=project_name)
|
|
||||||
elif (action == "create_project"):
|
|
||||||
kwargs = dict(domain_name=project_domain_name, description=description,
|
|
||||||
project_name=project_name)
|
|
||||||
elif (action == "find_role" or action == "delete_role"):
|
|
||||||
kwargs = dict(role_name=role_name)
|
|
||||||
elif (action == "create_role"):
|
|
||||||
kwargs = dict(role_name=role_name, description=description)
|
|
||||||
elif (action == "grant_project_role" or action == "revoke_project_role"):
|
|
||||||
kwargs = dict(role_name=role_name, user_name=user_name,
|
|
||||||
user_domain_name=user_domain_name, project_name=project_name,
|
|
||||||
project_domain_name=project_domain_name)
|
|
||||||
elif (action == "grant_domain_role" or action == "revoke_domain_role"):
|
|
||||||
kwargs = dict(role_name=role_name, user_name=user_name,
|
|
||||||
user_domain_name=user_domain_name,
|
|
||||||
domain_name=domain_name)
|
|
||||||
elif (action == "create_service"):
|
|
||||||
kwargs = dict(service_name=service_name, service_type=service_type,
|
|
||||||
description=description)
|
|
||||||
elif (action == "create_endpoint"):
|
|
||||||
kwargs = dict(service_name=service_name, region=region,
|
|
||||||
admin_url=admin_url, internal_url=internal_url,
|
|
||||||
public_url=public_url)
|
|
||||||
|
|
||||||
return kwargs
|
|
||||||
|
|
||||||
dispatch_map = {
|
|
||||||
"find_domain": find_domain,
|
|
||||||
"delete_domain": delete_domain,
|
|
||||||
"create_domain": create_domain,
|
|
||||||
|
|
||||||
"find_user": find_user,
|
|
||||||
"delete_user": delete_user,
|
|
||||||
"create_user": create_user,
|
|
||||||
|
|
||||||
"find_project": find_project,
|
|
||||||
"delete_project": delete_project,
|
|
||||||
"create_project": create_project,
|
|
||||||
|
|
||||||
"find_role": find_role,
|
|
||||||
"delete_role": delete_role,
|
|
||||||
"create_role": create_role,
|
|
||||||
|
|
||||||
"grant_project_role": grant_project_role,
|
|
||||||
"revoke_project_role": revoke_project_role,
|
|
||||||
"grant_domain_role": grant_domain_role,
|
|
||||||
"revoke_domain_role": revoke_domain_role,
|
|
||||||
|
|
||||||
"create_service": create_service,
|
|
||||||
"create_endpoint": create_endpoint,
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
def get_client(module):
|
|
||||||
|
|
||||||
login_username = module.params.get("login_username")
|
|
||||||
login_project_name = module.params.get("login_project_name")
|
|
||||||
login_user_domain_name = module.params.get("login_user_domain_name")
|
|
||||||
login_project_domain_name = module.params.get("login_project_domain_name")
|
|
||||||
login_password = module.params.get("login_password")
|
|
||||||
auth_url = module.params.get("endpoint")
|
|
||||||
token = module.params.get("login_token")
|
|
||||||
|
|
||||||
ks_client = _get_client(login_username=login_username,
|
|
||||||
login_project_name=login_project_name,
|
|
||||||
login_user_domain_name=login_user_domain_name,
|
|
||||||
login_project_domain_name=login_project_domain_name,
|
|
||||||
login_password=login_password,
|
|
||||||
auth_url=auth_url,
|
|
||||||
token=token)
|
|
||||||
|
|
||||||
return ks_client
|
|
||||||
|
|
||||||
|
|
||||||
def process_module_action(module):
|
|
||||||
|
|
||||||
ks_client = get_client(module)
|
|
||||||
|
|
||||||
action = module.params["action"]
|
|
||||||
kwargs = process_params(module)
|
|
||||||
|
|
||||||
try:
|
|
||||||
result = dispatch_map[action](ks_client, **kwargs)
|
|
||||||
except Exception as e:
|
|
||||||
module.fail_json(msg="%s, failed" % e)
|
|
||||||
else:
|
|
||||||
status, resource_data = result
|
|
||||||
data = dict(changed=status, result=str(resource_data))
|
|
||||||
module.exit_json(**data)
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
|
|
||||||
supported_actions = dispatch_map.keys()
|
|
||||||
|
|
||||||
argument_spec = dict(
|
|
||||||
login_username=dict(default=None),
|
|
||||||
login_password=dict(default=None),
|
|
||||||
login_project_name=dict(default=None),
|
|
||||||
login_project_domain_name=dict(default=None),
|
|
||||||
login_user_domain_name=dict(default=None),
|
|
||||||
login_domain_name=dict(default=None),
|
|
||||||
login_token=dict(default=None),
|
|
||||||
|
|
||||||
endpoint=dict(default=None),
|
|
||||||
description=dict(default="Created by Ansible keystone_v3"),
|
|
||||||
email=dict(default=None),
|
|
||||||
user_name=dict(default=None),
|
|
||||||
user_password=dict(default=None),
|
|
||||||
user_domain_name=dict(default=None),
|
|
||||||
project_name=dict(default=None),
|
|
||||||
project_domain_name=dict(default=None),
|
|
||||||
domain_name=dict(default=None),
|
|
||||||
role_name=dict(default=None),
|
|
||||||
|
|
||||||
service_name=dict(default=None),
|
|
||||||
service_type=dict(default=None),
|
|
||||||
|
|
||||||
region=dict(default=None),
|
|
||||||
admin_url=dict(default=None),
|
|
||||||
public_url=dict(default=None),
|
|
||||||
internal_url=dict(default=None),
|
|
||||||
|
|
||||||
action=dict(default=None, required=True, choices=supported_actions)
|
|
||||||
|
|
||||||
)
|
|
||||||
|
|
||||||
module = AnsibleModule(
|
|
||||||
argument_spec=argument_spec, supports_check_mode=False)
|
|
||||||
process_module_action(module)
|
|
||||||
|
|
||||||
from ansible.module_utils.basic import *
|
|
||||||
from ansible.module_utils.database import *
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
main()
|
|
123
cloud/openstack/os_keystone_domain.py
Normal file
123
cloud/openstack/os_keystone_domain.py
Normal file
|
@ -0,0 +1,123 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
|
||||||
|
#
|
||||||
|
# This module is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This software is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this software. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
|
||||||
|
try:
|
||||||
|
import shade
|
||||||
|
from shade import meta
|
||||||
|
HAS_SHADE = True
|
||||||
|
except ImportError:
|
||||||
|
HAS_SHADE = False
|
||||||
|
|
||||||
|
DOCUMENTATION = '''
|
||||||
|
---
|
||||||
|
module: os_keystone_domain
|
||||||
|
short_description: Manage OpenStack Identity Domains
|
||||||
|
extends_documentation_fragment: openstack
|
||||||
|
version_added: "2.1"
|
||||||
|
description:
|
||||||
|
- Manage OpenStack Identity Domains
|
||||||
|
options:
|
||||||
|
name:
|
||||||
|
description:
|
||||||
|
- Name that has to be given to the instance
|
||||||
|
required: true
|
||||||
|
description:
|
||||||
|
description:
|
||||||
|
- Description of the domain
|
||||||
|
required: false
|
||||||
|
default: None
|
||||||
|
enabled:
|
||||||
|
description:
|
||||||
|
- Is the domain enabled
|
||||||
|
required: false
|
||||||
|
default: True
|
||||||
|
state:
|
||||||
|
description:
|
||||||
|
- Should the resource be present or absent.
|
||||||
|
choices: [present, absent]
|
||||||
|
default: present
|
||||||
|
requirements:
|
||||||
|
- "python >= 2.6"
|
||||||
|
- "shade"
|
||||||
|
'''
|
||||||
|
|
||||||
|
EXAMPLES = '''
|
||||||
|
# Create a domain
|
||||||
|
- os_keystone_domain: name=demo description="Demo Domain"
|
||||||
|
'''
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
|
||||||
|
argument_spec = openstack_full_argument_spec(
|
||||||
|
name=dict(required=True),
|
||||||
|
description=dict(default=None),
|
||||||
|
enabled=dict(default=True, type='bool'),
|
||||||
|
state=dict(default='present', choices=['absent', 'present']),
|
||||||
|
# Override endpoint_type default since this is an admin function
|
||||||
|
endpoint_type=dict(
|
||||||
|
default='admin', choices=['public', 'internal', 'admin']),
|
||||||
|
))
|
||||||
|
|
||||||
|
module_kwargs = openstack_module_kwargs()
|
||||||
|
module = AnsibleModule(argument_spec, **module_kwargs)
|
||||||
|
|
||||||
|
if not HAS_SHADE:
|
||||||
|
module.fail_json(msg='shade is required for this module')
|
||||||
|
|
||||||
|
name = module.params.pop('name')
|
||||||
|
description = module.params.pop('description')
|
||||||
|
enabled = module.params.pop('enabled')
|
||||||
|
state = module.params.pop('state')
|
||||||
|
|
||||||
|
try:
|
||||||
|
cloud = shade.operator_cloud(**module.params)
|
||||||
|
|
||||||
|
domain = cloud.get_identity_domain(name=name)
|
||||||
|
|
||||||
|
if state == 'present':
|
||||||
|
if domain is None:
|
||||||
|
domain = cloud.create_domain(
|
||||||
|
name=name, description=description, enabled=enabled)
|
||||||
|
changed = True
|
||||||
|
else:
|
||||||
|
if (domain.name != name or domain.description != description
|
||||||
|
or domain.enabled != enabled):
|
||||||
|
cloud.update_domain(
|
||||||
|
domain.id, name=name, description=description,
|
||||||
|
enabled=enabled)
|
||||||
|
changed = True
|
||||||
|
else:
|
||||||
|
changed = False
|
||||||
|
module.exit_json(changed=changed, domain=domain)
|
||||||
|
elif state == 'absent':
|
||||||
|
if domain is None:
|
||||||
|
changed=False
|
||||||
|
else:
|
||||||
|
cloud.delete_domain(domain.id)
|
||||||
|
changed=True
|
||||||
|
module.exit_json(changed=changed)
|
||||||
|
|
||||||
|
except shade.OpenStackCloudException as e:
|
||||||
|
module.fail_json(msg=e.message, extra_data=e.extra_data)
|
||||||
|
|
||||||
|
from ansible.module_utils.basic import *
|
||||||
|
from ansible.module_utils.openstack import *
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
Loading…
Reference in a new issue