cb68e4142e
Since a chance in puppet-keystone (1], we now match an endpoint with a service name/type. ) [1] http://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=0a4e06abb0f5b3f324464ff5219d2885816311ce Change-Id: I09c80c1c9b816a4dc734a268010fe8569ca8ec03 Closes-Bug: #1528308
214 lines
6.5 KiB
Puppet
214 lines
6.5 KiB
Puppet
#
|
|
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
|
|
#
|
|
# Author: Emilien Macchi <emilien.macchi@enovance.com>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# tuskar::keystone::auth
|
|
#
|
|
# Configures Tuskar user, service and endpoint in Keystone.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*password*]
|
|
# (required) Password for Tuskar user.
|
|
#
|
|
# [*auth_name*]
|
|
# Username for Tuskar service. Defaults to 'tuskar'.
|
|
#
|
|
# [*email*]
|
|
# Email for Tuskar user. Defaults to 'tuskar@localhost'.
|
|
#
|
|
# [*tenant*]
|
|
# Tenant for Tuskar user. Defaults to 'services'.
|
|
#
|
|
# [*configure_endpoint*]
|
|
# Should Tuskar endpoint be configured? Defaults to 'true'.
|
|
#
|
|
# [*configure_user*]
|
|
# (Optional) Should the service user be configured?
|
|
# Defaults to 'true'.
|
|
#
|
|
# [*configure_user_role*]
|
|
# (Optional) Should the admin role be configured for the service user?
|
|
# Defaults to 'true'.
|
|
#
|
|
# [*service_name*]
|
|
# (Optional) Name of the service.
|
|
# Defaults to the value of auth_name, but must differ from the value.
|
|
#
|
|
# [*service_type*]
|
|
# Type of service. Defaults to 'management'.
|
|
#
|
|
# [*service_description*]
|
|
# Description for keystone service. Optional. Defaults to 'Tuskar Management Service'.
|
|
#
|
|
# [*public_protocol*]
|
|
# (optional) DEPRECATED: Use public_url instead.
|
|
# Protocol for public endpoint. Defaults to 'http'.
|
|
#
|
|
# [*public_address*]
|
|
# (optional) DEPRECATED: Use public_url instead.
|
|
# Public address for endpoint. Defaults to '127.0.0.1'.
|
|
#
|
|
# [*admin_protocol*]
|
|
# (optional) DEPRECATED: Use admin_url instead.
|
|
# Protocol for admin endpoint. Defaults to 'http'.
|
|
#
|
|
# [*admin_address*]
|
|
# (optional) DEPRECATED: Use admin_url instead.
|
|
# Admin address for endpoint. Defaults to '127.0.0.1'.
|
|
#
|
|
# [*internal_protocol*]
|
|
# (optional) DEPRECATED: Use internal_url instead.
|
|
# Protocol for internal endpoint. Defaults to 'http'.
|
|
#
|
|
# [*internal_address*]
|
|
# (optional) DEPRECATED: Use internal_url instead.
|
|
# Internal address for endpoint. Defaults to '127.0.0.1'.
|
|
#
|
|
# [*port*]
|
|
# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead.
|
|
# Port for endpoint. Defaults to '8585'.
|
|
#
|
|
# [*public_port*]
|
|
# (optional) DEPRECATED: Use public_url instead.
|
|
# Port for public endpoint. Defaults to $port.
|
|
#
|
|
# [*region*]
|
|
# Region for endpoint. Defaults to 'RegionOne'.
|
|
#
|
|
# [*public_url*]
|
|
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:8585')
|
|
# This url should *not* contain any trailing '/'.
|
|
#
|
|
# [*admin_url*]
|
|
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:8585')
|
|
# This url should *not* contain any trailing '/'.
|
|
#
|
|
# [*internal_url*]
|
|
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:8585')
|
|
# This url should *not* contain any trailing '/'.
|
|
#
|
|
class tuskar::keystone::auth (
|
|
$password,
|
|
$auth_name = 'tuskar',
|
|
$email = 'tuskar@localhost',
|
|
$tenant = 'services',
|
|
$configure_endpoint = true,
|
|
$configure_user = true,
|
|
$configure_user_role = true,
|
|
$service_name = undef,
|
|
$service_type = 'management',
|
|
$service_description = 'Tuskar Management Service',
|
|
$region = 'RegionOne',
|
|
$public_url = 'http://127.0.0.1:8585',
|
|
$admin_url = 'http://127.0.0.1:8585',
|
|
$internal_url = 'http://127.0.0.1:8585',
|
|
# DEPRECATED
|
|
$port = undef,
|
|
$public_protocol = undef,
|
|
$public_address = undef,
|
|
$admin_protocol = undef,
|
|
$admin_address = undef,
|
|
$internal_protocol = undef,
|
|
$internal_address = undef,
|
|
$public_port = undef,
|
|
) {
|
|
|
|
if $port {
|
|
warning('The port parameter is deprecated, use public_url, internal_url and admin_url instead.')
|
|
}
|
|
|
|
if $public_port {
|
|
warning('The public_port parameter is deprecated, use public_url instead.')
|
|
}
|
|
|
|
if $public_protocol {
|
|
warning('The public_protocol parameter is deprecated, use public_url instead.')
|
|
}
|
|
|
|
if $public_address {
|
|
warning('The public_address parameter is deprecated, use public_url instead.')
|
|
}
|
|
|
|
if $internal_protocol {
|
|
warning('The internal_protocol parameter is deprecated, use internal_url instead.')
|
|
}
|
|
|
|
if $internal_address {
|
|
warning('The internal_address parameter is deprecated, use internal_url instead.')
|
|
}
|
|
|
|
if $admin_address {
|
|
warning('The admin_address parameter is deprecated, use admin_url instead.')
|
|
}
|
|
|
|
if $admin_protocol {
|
|
warning('The admin_protocol parameter is deprecated, use admin_url instead.')
|
|
}
|
|
|
|
if ($public_protocol or $public_address or $port or $public_port) {
|
|
$public_url_real = sprintf('%s://%s:%s',
|
|
pick($public_protocol, 'http'),
|
|
pick($public_address, '127.0.0.1'),
|
|
pick($public_port, $port, '8585'))
|
|
} else {
|
|
$public_url_real = $public_url
|
|
}
|
|
|
|
if ($admin_protocol or $admin_address or $port) {
|
|
$admin_url_real = sprintf('%s://%s:%s',
|
|
pick($admin_protocol, 'http'),
|
|
pick($admin_address, '127.0.0.1'),
|
|
pick($port, '8585'))
|
|
} else {
|
|
$admin_url_real = $admin_url
|
|
}
|
|
|
|
if ($internal_protocol or $internal_address or $port) {
|
|
$internal_url_real = sprintf('%s://%s:%s',
|
|
pick($internal_protocol, 'http'),
|
|
pick($internal_address, '127.0.0.1'),
|
|
pick($port, '8585'))
|
|
} else {
|
|
$internal_url_real = $internal_url
|
|
}
|
|
|
|
$real_service_name = pick($service_name, $auth_name)
|
|
|
|
if $configure_user_role {
|
|
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'tuskar-api' |>
|
|
}
|
|
|
|
Keystone_endpoint["${region}/${auth_name}::${service_type}"] ~> Service <| name == 'tuskar-api' |>
|
|
|
|
keystone::resource::service_identity { $auth_name:
|
|
configure_user => $configure_user,
|
|
configure_user_role => $configure_user_role,
|
|
configure_endpoint => $configure_endpoint,
|
|
service_name => $real_service_name,
|
|
service_type => $service_type,
|
|
service_description => $service_description,
|
|
region => $region,
|
|
password => $password,
|
|
email => $email,
|
|
tenant => $tenant,
|
|
public_url => $public_url_real,
|
|
internal_url => $internal_url_real,
|
|
admin_url => $admin_url_real,
|
|
}
|
|
|
|
}
|