salt.states.keystone

Management of Keystone users

depends:
  • keystoneclient Python module

configuration:

See salt.modules.keystone for setup instructions.

Keystone tenants:
  keystone.tenant_present:
    - names:
      - admin
      - demo
      - service

Keystone roles:
  keystone.role_present:
    - names:
      - admin
      - Member

admin:
  keystone.user_present:
    - password: R00T_4CC3SS
    - email: admin@domain.com
    - roles:
        admin:   # tenants
          - admin  # roles
        service:
          - admin
          - Member
    - require:
      - keystone: Keystone tenants
      - keystone: Keystone roles

nova:
  keystone.user_present:
    - password: '$up3rn0v4'
    - email: nova@domain.com
    - tenant: service
    - roles:
        service:
          - admin
    - require:
      - keystone: Keystone tenants
      - keystone: Keystone roles

demo:
  keystone.user_present:
    - password: 'd3m0n$trati0n'
    - email: demo@domain.com
    - tenant: demo
    - roles:
        demo:
          - Member
    - require:
      - keystone: Keystone tenants
      - keystone: Keystone roles

nova service:
  keystone.service_present:
    - name: nova
    - service_type: compute
    - description: OpenStack Compute Service

salt.states.keystone.endpoint_absent(name, region=None, profile=None, interface=None, **connection_args)

Ensure that the endpoint for a service doesn't exist in the Keystone catalog

name

The name of the service whose endpoints should not exist

region (optional)

The region of the endpoint. Defaults to RegionOne.

interface

The interface type, which describes the visibility of the endpoint. (for V3 API)

salt.states.keystone.endpoint_present(name, publicurl=None, internalurl=None, adminurl=None, region=None, profile=None, url=None, interface=None, **connection_args)

Ensure the specified endpoints exist for the service

name

The Service name

publicurl

The public URL of the service endpoint (for V2 API)

internalurl

The internal URL of the service endpoint (for V2 API)

adminurl

The admin URL of the service endpoint (for V2 API)

region

The region of the endpoint

url

The endpoint URL (for V3 API)

interface

The interface type, which describes the visibility of the endpoint. (for V3 API)

salt.states.keystone.project_absent(name, profile=None, **connection_args)

Ensure that the keystone project is absent. Alias for tenant_absent from V2 API to fulfill V3 API naming convention.

New in version 2016.11.0.

name

The name of the project that should not exist

delete_nova:
    keystone.project_absent:
        - name: nova

salt.states.keystone.project_present(name, description=None, enabled=True, profile=None, **connection_args)

Ensures that the keystone project exists. Alias for tenant_present from V2 API to fulfill V3 API naming convention.

New in version 2016.11.0.

name

The name of the project to manage

description

The description to use for this project

enabled

Availability state for this project

nova:
    keystone.project_present:
        - enabled: True
        - description: 'Nova Compute Service'

salt.states.keystone.role_absent(name, profile=None, **connection_args)

Ensure that the keystone role is absent.

name

The name of the role that should not exist

salt.states.keystone.role_present(name, profile=None, **connection_args)

Ensures that the keystone role exists

name

The name of the role that should be present

salt.states.keystone.service_absent(name, profile=None, **connection_args)

Ensure that the service doesn't exist in the Keystone catalog

name

The name of the service that should not exist

salt.states.keystone.service_present(name, service_type, description=None, profile=None, **connection_args)

Ensure the service is present in the Keystone catalog

name

The name of the service

service_type

The type of OpenStack service

description (optional)

Description of the service

salt.states.keystone.tenant_absent(name, profile=None, **connection_args)

Ensure that the keystone tenant is absent.

name

The name of the tenant that should not exist

salt.states.keystone.tenant_present(name, description=None, enabled=True, profile=None, **connection_args)

Ensures that the keystone tenant exists

name

The name of the tenant to manage

description

The description to use for this tenant

enabled

Availability state for this tenant

salt.states.keystone.user_absent(name, profile=None, **connection_args)

Ensure that the keystone user is absent.

name

The name of the user that should not exist

salt.states.keystone.user_present(name, password, email, tenant=None, enabled=True, roles=None, profile=None, password_reset=True, project=None, **connection_args)

Ensure that the keystone user is present with the specified properties.

name

The name of the user to manage

password

The password to use for this user.

Note

If the user already exists and a different password was set for the user than the one specified here, the password for the user will be updated. Please set the password_reset option to False if this is not the desired behavior.

password_reset

Whether or not to reset password after initial set. Defaults to True.

email

The email address for this user

tenant

The tenant (name) for this user

project

The project (name) for this user (overrides tenant in api v3)

enabled

Availability state for this user

roles

The roles the user should have under the given tenants. Passed as a dictionary mapping tenant names to a list of roles in each tenant, for example:

roles:
    admin:   # tenant
      - admin  # role
    service:
      - admin
      - Member
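
The V3-style parameters documented above (project, password_reset, url, interface) combined in one SLS file, as an added example that is not part of the Salt documentation. It assumes the V3 connection is already configured as described in salt.modules.keystone; the pillar key keystone:nova:password and the endpoint URL are placeholders.

```yaml
# Added example (not from the Salt documentation): V3-style states.
# The pillar key and the endpoint URL are placeholders.
Keystone roles:
  keystone.role_present:
    - names:
      - admin

service project:
  keystone.project_present:
    - name: service
    - description: 'Service project'
    - enabled: True

nova user:
  keystone.user_present:
    - name: nova
    # Read the password from pillar instead of writing it in the SLS file;
    # yaml_dquote keeps characters such as $ or ' from breaking the YAML.
    - password: {{ salt['pillar.get']('keystone:nova:password') | yaml_dquote }}
    - email: nova@domain.com
    - project: service
    # With password_reset set to False, a run against an existing user
    # does not replace a password that differs from the one given here.
    - password_reset: False
    - roles:
        service:   # project
          - admin  # role
    - require:
      - keystone: service project
      - keystone: Keystone roles

nova service:
  keystone.service_present:
    - name: nova
    - service_type: compute
    - description: OpenStack Compute Service

nova public endpoint:
  keystone.endpoint_present:
    - name: nova   # the service name, not an endpoint name
    - url: https://compute.example.com:8774/v2.1
    - interface: public
    - region: RegionOne
    - require:
      - keystone: nova service
```

With password_reset left at its default of True, every highstate run would push the pillar value back into Keystone, which is the behaviour to choose when Salt is meant to be the single source of truth for the credential.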