salt.modules.keystone

Module for handling openstack keystone calls.

optdepends:
  • keystoneclient Python adapter

configuration:

This module is not usable until the following are specified either in a pillar or in the minion's config file:

keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
keystone.verify_ssl: True

OR (for token based authentication)

keystone.token: 'ADMIN'
keystone.endpoint: 'http://127.0.0.1:35357/v2.0'

If configuration for multiple openstack accounts is required, they can be set up as different configuration profiles. For example:

openstack1:
  keystone.user: admin
  keystone.password: verybadpass
  keystone.tenant: admin
  keystone.tenant_id: f80919baedab48ec8931f200c65a50df
  keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
  keystone.verify_ssl: True

openstack2:
  keystone.user: admin
  keystone.password: verybadpass
  keystone.tenant: admin
  keystone.tenant_id: f80919baedab48ec8931f200c65a50df
  keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
  keystone.verify_ssl: True

With this configuration in place, any of the keystone functions can make use of a configuration profile by declaring it explicitly. For example:

salt '*' keystone.tenant_list profile=openstack1
salt.modules.keystone.api_version(profile=None, **connection_args)

Returns the API version derived from endpoint's response.

CLI Example:

salt '*' keystone.api_version
salt.modules.keystone.auth(profile=None, **connection_args)

Set up keystone credentials. Only intended to be used within Keystone-enabled modules.

CLI Example:

salt '*' keystone.auth
salt.modules.keystone.ec2_credentials_create(user_id=None, name=None, tenant_id=None, tenant=None, profile=None, **connection_args)

Create EC2-compatible credentials for user per tenant

CLI Examples:

salt '*' keystone.ec2_credentials_create name=admin tenant=admin

salt '*' keystone.ec2_credentials_create         user_id=c965f79c4f864eaaa9c3b41904e67082         tenant_id=722787eb540849158668370dc627ec5f
salt.modules.keystone.ec2_credentials_delete(user_id=None, name=None, access_key=None, profile=None, **connection_args)

Delete EC2-compatible credentials

CLI Examples:

salt '*' keystone.ec2_credentials_delete         860f8c2c38ca4fab989f9bc56a061a64 access_key=5f66d2f24f604b8bb9cd28886106f442

salt '*' keystone.ec2_credentials_delete name=admin         access_key=5f66d2f24f604b8bb9cd28886106f442
salt.modules.keystone.ec2_credentials_get(user_id=None, name=None, access=None, profile=None, **connection_args)

Return ec2_credentials for a user (keystone ec2-credentials-get)

CLI Examples:

salt '*' keystone.ec2_credentials_get c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370
salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370
salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f
salt.modules.keystone.ec2_credentials_list(user_id=None, name=None, profile=None, **connection_args)

Return a list of ec2_credentials for a specific user (keystone ec2-credentials-list)

CLI Examples:

salt '*' keystone.ec2_credentials_list 298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list name=jack
salt.modules.keystone.endpoint_create(service, publicurl=None, internalurl=None, adminurl=None, region=None, profile=None, url=None, interface=None, **connection_args)

Create an endpoint for an Openstack service

CLI Examples:

salt 'v2' keystone.endpoint_create nova 'http://public/url' 'http://internal/url' 'http://adminurl/url' region

salt 'v3' keystone.endpoint_create nova url='http://public/url' interface='public' region='RegionOne'
salt.modules.keystone.endpoint_delete(service, region=None, profile=None, interface=None, **connection_args)

Delete endpoints of an Openstack service

CLI Examples:

salt 'v2' keystone.endpoint_delete nova [region=RegionOne]

salt 'v3' keystone.endpoint_delete nova interface=admin [region=RegionOne]
salt.modules.keystone.endpoint_get(service, region=None, profile=None, interface=None, **connection_args)

Return a specific endpoint (keystone endpoint-get)

CLI Example:

salt 'v2' keystone.endpoint_get nova [region=RegionOne]

salt 'v3' keystone.endpoint_get nova interface=admin [region=RegionOne]
salt.modules.keystone.endpoint_list(profile=None, **connection_args)

Return a list of available endpoints (keystone endpoints-list)

CLI Example:

salt '*' keystone.endpoint_list
salt.modules.keystone.project_create(name, domain, description=None, enabled=True, profile=None, **connection_args)

Create a keystone project. Overrides keystone tenant_create form api V2. For keystone api V3.

New in version 2016.11.0.

name

The project name, which must be unique within the owning domain.

domain

The domain name.

description

The project description.

enabled

Enables or disables the project.

profile

Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_create nova default description='Nova Compute Project'
salt '*' keystone.project_create test default enabled=False
salt.modules.keystone.project_delete(project_id=None, name=None, profile=None, **connection_args)

Delete a project (keystone project-delete). Overrides keystone tenant-delete form api V2. For keystone api V3 only.

New in version 2016.11.0.

project_id

The project id.

name

The project name.

profile

Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_delete project_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_delete name=demo
salt.modules.keystone.project_get(project_id=None, name=None, profile=None, **connection_args)

Return a specific projects (keystone project-get) Overrides keystone tenant-get form api V2. For keystone api V3 only.

New in version 2016.11.0.

project_id

The project id.

name

The project name.

profile

Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_get project_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_get name=nova
salt.modules.keystone.project_list(profile=None, **connection_args)

Return a list of available projects (keystone projects-list). Overrides keystone tenants-list form api V2. For keystone api V3 only.

New in version 2016.11.0.

profile

Configuration profile - if configuration for multiple openstack accounts required.

CLI Example:

salt '*' keystone.project_list
salt.modules.keystone.project_update(project_id=None, name=None, description=None, enabled=None, profile=None, **connection_args)

Update a tenant's information (keystone project-update) The following fields may be updated: name, description, enabled. Can only update name if targeting by ID

Overrides keystone tenant_update form api V2. For keystone api V3 only.

New in version 2016.11.0.

project_id

The project id.

name

The project name, which must be unique within the owning domain.

description

The project description.

enabled

Enables or disables the project.

profile

Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_update name=admin enabled=True
salt '*' keystone.project_update c965f79c4f864eaaa9c3b41904e67082 name=admin email=admin@domain.com
salt.modules.keystone.role_create(name, profile=None, **connection_args)

Create a named role.

CLI Example:

salt '*' keystone.role_create admin
salt.modules.keystone.role_delete(role_id=None, name=None, profile=None, **connection_args)

Delete a role (keystone role-delete)

CLI Examples:

salt '*' keystone.role_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete name=admin
salt.modules.keystone.role_get(role_id=None, name=None, profile=None, **connection_args)

Return a specific roles (keystone role-get)

CLI Examples:

salt '*' keystone.role_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get name=nova
salt.modules.keystone.role_list(profile=None, **connection_args)

Return a list of available roles (keystone role-list)

CLI Example:

salt '*' keystone.role_list
salt.modules.keystone.service_create(name, service_type, description=None, profile=None, **connection_args)

Add service to Keystone service catalog

CLI Examples:

salt '*' keystone.service_create nova compute 'OpenStack Compute Service'
salt.modules.keystone.service_delete(service_id=None, name=None, profile=None, **connection_args)

Delete a service from Keystone service catalog

CLI Examples:

salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_delete name=nova
salt.modules.keystone.service_get(service_id=None, name=None, profile=None, **connection_args)

Return a specific services (keystone service-get)

CLI Examples:

salt '*' keystone.service_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get name=nova
salt.modules.keystone.service_list(profile=None, **connection_args)

Return a list of available services (keystone services-list)

CLI Example:

salt '*' keystone.service_list
salt.modules.keystone.tenant_create(name, description=None, enabled=True, profile=None, **connection_args)

Create a keystone tenant

CLI Examples:

salt '*' keystone.tenant_create nova description='nova tenant'
salt '*' keystone.tenant_create test enabled=False
salt.modules.keystone.tenant_delete(tenant_id=None, name=None, profile=None, **connection_args)

Delete a tenant (keystone tenant-delete)

CLI Examples:

salt '*' keystone.tenant_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete name=demo
salt.modules.keystone.tenant_get(tenant_id=None, name=None, profile=None, **connection_args)

Return a specific tenants (keystone tenant-get)

CLI Examples:

salt '*' keystone.tenant_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get name=nova
salt.modules.keystone.tenant_list(profile=None, **connection_args)

Return a list of available tenants (keystone tenants-list)

CLI Example:

salt '*' keystone.tenant_list
salt.modules.keystone.tenant_update(tenant_id=None, name=None, description=None, enabled=None, profile=None, **connection_args)

Update a tenant's information (keystone tenant-update) The following fields may be updated: name, description, enabled. Can only update name if targeting by ID

CLI Examples:

salt '*' keystone.tenant_update name=admin enabled=True
salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin email=admin@domain.com
salt.modules.keystone.token_get(profile=None, **connection_args)

Return the configured tokens (keystone token-get)

CLI Example:

salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082
salt.modules.keystone.user_create(name, password, email, tenant_id=None, enabled=True, profile=None, project_id=None, description=None, **connection_args)

Create a user (keystone user-create)

CLI Examples:

salt '*' keystone.user_create name=jack password=zero email=jack@halloweentown.org         tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True
salt.modules.keystone.user_delete(user_id=None, name=None, profile=None, **connection_args)

Delete a user (keystone user-delete)

CLI Examples:

salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete name=nova
salt.modules.keystone.user_get(user_id=None, name=None, profile=None, **connection_args)

Return a specific users (keystone user-get)

CLI Examples:

salt '*' keystone.user_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get name=nova
salt.modules.keystone.user_list(profile=None, **connection_args)

Return a list of available users (keystone user-list)

CLI Example:

salt '*' keystone.user_list
salt.modules.keystone.user_password_update(user_id=None, name=None, password=None, profile=None, **connection_args)

Update a user's password (keystone user-password-update)

CLI Examples:

salt '*' keystone.user_password_update c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_password_update user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_password_update name=nova password=12345
salt.modules.keystone.user_role_add(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, profile=None, project_id=None, project_name=None, **connection_args)

Add role for user in tenant (keystone user-role-add)

CLI Examples:

salt '*' keystone.user_role_add user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_add user=admin tenant=admin role=admin
salt.modules.keystone.user_role_list(user_id=None, tenant_id=None, user_name=None, tenant_name=None, profile=None, project_id=None, project_name=None, **connection_args)

Return a list of available user_roles (keystone user-roles-list)

CLI Examples:

salt '*' keystone.user_role_list user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b
salt '*' keystone.user_role_list user_name=admin tenant_name=admin
salt.modules.keystone.user_role_remove(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, profile=None, project_id=None, project_name=None, **connection_args)

Remove role for user in tenant (keystone user-role-remove)

CLI Examples:

salt '*' keystone.user_role_remove user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_remove user=admin tenant=admin role=admin
salt.modules.keystone.user_update(user_id=None, name=None, email=None, enabled=None, tenant=None, profile=None, project=None, description=None, **connection_args)

Update a user's information (keystone user-update) The following fields may be updated: name, email, enabled, tenant. Because the name is one of the fields, a valid user id is required.

CLI Examples:

salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname
salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname email=newemail@domain.com
salt.modules.keystone.user_verify_password(user_id=None, name=None, password=None, profile=None, **connection_args)

Verify a user's password

CLI Examples:

salt '*' keystone.user_verify_password name=test password=foobar
salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar