def keystone_client(auth_url,
username,
password,
user_domain_id,
user_project_id=None,
version=None,
verify=None,
interface=None,
timeout=None):
version = version or plugin_settings.IDENTITY_API_VERSION
if verify is None:
verify = plugin_settings.REQUIRE_VALID_SSL
interface = interface or plugin_settings.DEFAULT_INTERFACE
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_id=user_domain_id,
project_id=user_project_id)
sess = session.Session(auth=auth, verify=verify, timeout=timeout)
c = Client(session=sess,
version=version,
timeout=timeout,
auth_url=auth_url,
interface=interface)
return c
def get_keystone_session(tenant_name=None, tenant_id=None):
url = settings.OS_AUTH_URL
keystone_client = Client(
user_domain_name=settings.OS_DOMAIN_NAME,
username=settings.OS_USERNAME,
password=settings.OS_PASSWORD,
project_name=tenant_name,
project_id=tenant_id,
project_domain_name=settings.OS_DOMAIN_NAME,
auth_url=settings.OS_AUTH_URL.replace('/v2.0', '/v3'),
insecure=settings.OS_INSECURE,
region=settings.OS_REGION_NAME,
endpoint=settings.OS_AUTH_URL.replace('/v2.0', '/v3'))
keystone_client.authenticate()
keystone_session = keystone_client.session
return keystone_client, keystone_session
def main():
module = AnsibleModule(argument_spec=dict(
auth_url=dict(default=None, required=True),
username=dict(default=None, required=True),
password=dict(default=None, required=True),
project_name_to_auth=dict(default=None, required=True),
domain_name_to_auth=dict(default=None, required=True),
verify=dict(default=True, type='bool', required=False),
name=dict(default=None, required=True),
identity_provider=dict(default=None, required=True),
mapping=dict(default=None, required=True),
state=dict(
default='present', required=False, choices=['present', 'absent']),
))
changed = False
result = None
action = "Creating" if module.params['state'] == 'present' else "Deleting"
try:
auth = v3.Password(
auth_url=module.params['auth_url'],
username=module.params['username'],
user_domain_name=module.params['domain_name_to_auth'],
password=module.params['password'],
project_name=module.params['project_name_to_auth'],
project_domain_name=module.params['domain_name_to_auth'])
client_session = session.Session(auth=auth,
verify=module.params['verify'])
keystone = Client(session=client_session)
idp = module.params['identity_provider']
if module.params['state'] == 'present':
if not _federation_protocol_exists(keystone, module.params['name'],
idp):
params = {
'client': keystone,
'protocol_id': module.params['name'],
'identity_provider_id': module.params['identity_provider'],
'mapping_id': module.params['mapping']
}
_create_federation_protocol(**params)
changed = True
result = 'created'
else:
if _federation_protocol_exists(keystone, module.params['name'],
idp):
_delete_federation_protocol(keystone, module.params['name'],
idp)
changed = True
result = 'deleted'
except Exception as e:
module.fail_json(msg="%s federation protocol failed: %s" % (action, e))
module.exit_json(changed=changed, result=result, id=module.params['name'])
def main():
module = AnsibleModule(
argument_spec=dict(
auth_url=dict(default=None, required=True),
username=dict(default=None, required=True),
password=dict(default=None, required=True),
project_name_to_auth=dict(default=None, required=True),
domain_name_to_auth=dict(default=None, required=True),
verify=dict(default=True, type='bool', required=False),
name=dict(default=None, required=True),
description=dict(default=None, required=False),
remote_ids=dict(default=None, required=False),
enabled=dict(default=True, type='bool', required=False),
state=dict(default='present', required=False,
choices=['present', 'absent']),
)
)
changed = False
result = None
action = "Creating" if module.params['state'] == 'present' else "Deleting"
try:
keystone = Client(auth_url=module.params['auth_url'],
username=module.params['username'],
password=module.params['password'],
verify=module.params['verify'],
project_name=module.params['project_name_to_auth'],
project_domain_name=module.params['domain_name_to_auth'])
if module.params['state'] == 'present':
if not _identity_provider_exists(keystone, module.params['name']):
remote_ids = module.params['remote_ids']
if remote_ids:
remote_ids = [i.strip() for i in remote_ids.split(',')]
params = {
'client': keystone,
'provider_id': module.params['name'],
'description': module.params['description'],
'remote_ids': remote_ids,
'enabled': module.params['enabled']
}
_create_identity_provider(**params)
changed = True
result = 'created'
else:
if _identity_provider_exists(keystone, module.params['name']):
_delete_identity_provider(keystone, module.params['name'])
changed = True
result = 'deleted'
except Exception as e:
module.fail_json(msg="%s identity provider failed: %s" % (action, e))
module.exit_json(changed=changed, result=result, id=module.params['name'])
def main():
module = AnsibleModule(argument_spec=dict(
auth_url=dict(default=None, required=True),
username=dict(default=None, required=True),
password=dict(default=None, required=True),
project_name_to_auth=dict(default=None, required=True),
domain_name_to_auth=dict(default=None, required=True),
verify=dict(default=True, type='bool', required=False),
name=dict(default=None, required=True),
description=dict(default=None, required=False),
domain=dict(default=None, required=False),
state=dict(
default='present', required=False, choices=['present', 'absent']),
))
changed = False
result = None
action = "Creating" if module.params['state'] == 'present' else "Deleting"
try:
keystone = Client(
auth_url=module.params['auth_url'],
username=module.params['username'],
password=module.params['password'],
verify=module.params['verify'],
project_name=module.params['project_name_to_auth'],
project_domain_name=module.params['domain_name_to_auth'])
if module.params['state'] == 'present':
if not _group_exists(keystone, module.params['name']):
params = {
'client': keystone,
'group_name': module.params['name'],
'description': module.params['description'],
'domain': module.params['domain']
}
_create_group(**params)
changed = True
result = 'created'
else:
if _group_exists(keystone, module.params['name']):
_delete_group(keystone, module.params['name'])
changed = True
result = 'deleted'
except Exception as e:
module.fail_json(msg="%s group failed: %s" % (action, e))
module.exit_json(changed=changed, result=result, id=module.params['name'])
def main():
module = AnsibleModule(argument_spec=dict(
auth_url=dict(default=None, required=True),
username=dict(default=None, required=True),
password=dict(default=None, required=True),
project_name_to_auth=dict(default=None, required=True),
domain_name_to_auth=dict(default=None, required=True),
verify=dict(default=True, type='bool', required=False),
group=dict(default=None, required=True),
role=dict(default=None, required=True),
project=dict(default=None, required=False),
domain=dict(default=None, required=False),
state=dict(
default='present', required=False, choices=['present', 'absent']),
))
changed = False
result = None
action = "Adding" if module.params['state'] == 'present' else ""
try:
auth = v3.Password(
auth_url=module.params['auth_url'],
username=module.params['username'],
user_domain_name=module.params['domain_name_to_auth'],
password=module.params['password'],
project_name=module.params['project_name_to_auth'],
project_domain_name=module.params['domain_name_to_auth'])
client_session = session.Session(auth=auth,
verify=module.params['verify'])
keystone = Client(session=client_session)
if module.params['state'] == 'present':
params = {
'client': keystone,
'group_name': module.params['group'],
'project_name': module.params['project'],
'role': module.params['role'],
'domain': module.params['domain']
}
_add_role_to_group(**params)
changed = True
result = 'added'
except Exception as e:
module.fail_json(msg="%s role failed: %s" % (action, e))
module.exit_json(changed=changed, result=result, id=module.params['group'])
def get_keystone(self):
kauth = v3.Password(
auth_url=self.url,
password=self.password,
project_name=self.project,
project_domain_id=self.project_domain_id,
project_domain_name=self.project_domain_name,
username=self.username,
user_domain_id=self.user_domain_id,
user_domain_name=self.user_domain_name,
)
# session
ksession = session.Session(auth=kauth)
keystone = Client(session=ksession)
return ksession
def main():
module = AnsibleModule(argument_spec=dict(
auth_url=dict(default=None, required=True),
username=dict(default=None, required=True),
password=dict(default=None, required=True),
verify=dict(default=True, type='bool', required=False),
name=dict(default=None, required=True),
rules=dict(default=None, required=False),
state=dict(
default='present', required=False, choices=['present', 'absent']),
))
changed = False
result = None
action = "Creating" if module.params['state'] == 'present' else "Deleting"
try:
keystone = Client(auth_url=module.params['auth_url'],
username=module.params['username'],
password=module.params['password'],
verify=module.params['verify'])
if module.params['state'] == 'present':
if not _federation_mapping_exists(keystone, module.params['name']):
params = {
'client': keystone,
'mapping_id': module.params['name'],
'rules': yaml.load(module.params['rules'])
}
_create_federation_mapping(**params)
changed = True
result = 'created'
else:
if _federation_mapping_exists(keystone, module.params['name']):
_delete_federation_mapping(keystone, module.params['name'])
changed = True
result = 'deleted'
except Exception as e:
module.fail_json(msg="%s federation mapping failed: %s" % (action, e))
module.exit_json(changed=changed, result=result, id=module.params['name'])
#!/usr/bin/python
import sys
from lib import openstack
from keystoneclient.v3.client import Client
ostack = openstack.OpenStack('config.yaml')
sess = ostack.getSession()
client = Client(session=sess)
print(ostack.run(client, sys.argv))