--- /dev/null
+require 'puppet/provider/keystone'
+require 'puppet/util/inifile'
+
+Puppet::Type.type(:keystone_domain).provide(
+ :openstack,
+ :parent => Puppet::Provider::Keystone
+) do
+
+ desc 'Provider that manages keystone domains'
+
+ @credentials = Puppet::Provider::Openstack::CredentialsV3.new
+
+ def initialize(value={})
+ super(value)
+ @property_flush = {}
+ end
+
+ def create
+ properties = [resource[:name]]
+ if resource[:enabled] == :true
+ properties << '--enable'
+ elsif resource[:enabled] == :false
+ properties << '--disable'
+ end
+ if resource[:description]
+ properties << '--description'
+ properties << resource[:description]
+ end
+ @property_hash = self.class.request('domain', 'create', properties)
+ @property_hash[:is_default] = sym_to_bool(resource[:is_default])
+ @property_hash[:ensure] = :present
+ ensure_default_domain(true)
+ end
+
+ def exists?
+ @property_hash[:ensure] == :present
+ end
+
+ def destroy
+ # have to disable first - Keystone does not allow you to delete an
+ # enabled domain
+ self.class.request('domain', 'set', [resource[:name], '--disable'])
+ self.class.request('domain', 'delete', resource[:name])
+ @property_hash[:ensure] == :absent
+ ensure_default_domain(false, true)
+ @property_hash.clear
+ end
+
+ def enabled=(value)
+ @property_flush[:enabled] = value
+ end
+
+ def enabled
+ bool_to_sym(@property_hash[:enabled])
+ end
+
+ def description=(value)
+ @property_flush[:description] = value
+ end
+
+ def description
+ @property_hash[:description]
+ end
+
+ def id
+ @property_hash[:id]
+ end
+
+ def is_default
+ bool_to_sym(@property_hash[:is_default])
+ end
+
+ def is_default=(value)
+ @property_flush[:is_default] = value
+ end
+
+ def ensure_default_domain(create, destroy=false, value=nil)
+ if !self.class.keystone_file
+ return
+ end
+ changed = false
+ curid = self.class.default_domain_id
+ newid = id
+ default = (is_default == :true)
+ if (default && create) || (!default && (value == :true))
+ # new default domain, or making existing domain the default domain
+ if curid != newid
+ self.class.keystone_file['identity']['default_domain_id'] = newid
+ changed = true
+ end
+ elsif (default && destroy) || (default && (value == :false))
+ # removing default domain, or making this domain not the default
+ if curid == newid
+ # can't delete from inifile, so just reset to default 'default'
+ self.class.keystone_file['identity']['default_domain_id'] = 'default'
+ changed = true
+ newid = 'default'
+ end
+ end
+ if changed
+ self.class.keystone_file.store
+ debug("The default_domain_id was changed from #{curid} to #{newid}")
+ end
+ end
+
+ def self.instances
+ request('domain', 'list').collect do |domain|
+ new(
+ :name => domain[:name],
+ :ensure => :present,
+ :enabled => domain[:enabled].downcase.chomp == 'true' ? true : false,
+ :description => domain[:description],
+ :id => domain[:id],
+ :is_default => domain[:id] == default_domain_id
+ )
+ end
+ end
+
+ def self.prefetch(resources)
+ domains = instances
+ resources.keys.each do |name|
+ if provider = domains.find{ |domain| domain.name == name }
+ resources[name].provider = provider
+ end
+ end
+ end
+
+ def flush
+ options = []
+ if @property_flush && !@property_flush.empty?
+ options << '--enable' if @property_flush[:enabled] == :true
+ options << '--disable' if @property_flush[:enabled] == :false
+ if @property_flush[:description]
+ options << '--description' << resource[:description]
+ end
+ self.class.request('domain', 'set', [resource[:name]] + options) unless options.empty?
+ if @property_flush[:is_default]
+ ensure_default_domain(false, false, @property_flush[:is_default])
+ end
+ @property_flush.clear
+ end
+ end
+end
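Review bot: In `destroy`, the line `@property_hash[:ensure] == :absent` is a comparison whose result is thrown away, so the state is never marked absent; it should read `@property_hash[:ensure] = :absent`. The following `@property_hash.clear` hides the mistake at present. Separately, the first branch of `ensure_default_domain` stores `newid = id` into `keystone_file['identity']['default_domain_id']` without checking that it is set. If the `domain create` response carried no `:id`, a nil would presumably be written into the identity configuration, so I would tighten the check to `if newid && curid != newid`. `destroy` also disables the domain before deleting it and does not handle a failed delete, which would leave the domain disabled; a short comment such as `# if the delete fails the domain stays disabled; the next run retries` would document that.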