--- /dev/null
+#
+# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
+#
+# Author: Emilien Macchi <emilien.macchi@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Definition: keystone::resource::service_identity
+#
+# This resource configures Keystone resources for an OpenStack service.
+#
+# == Parameters:
+#
+# [*password*]
+# Password to create for the service user;
+# string; required
+#
+# [*auth_name*]
+# The name of the service user;
+# string; optional; default to the $title of the resource, i.e. 'nova'
+#
+# [*service_name*]
+# Name of the service;
+# string; required
+#
+# [*service_type*]
+# Type of the service;
+# string; required
+#
+# [*service_description*]
+# Description of the service;
+# string; optional: default to '$name service'
+#
+# [*public_url*]
+# Public endpoint URL;
+# string; required
+#
+# [*internal_url*]
+# Internal endpoint URL;
+# string; required
+#
+# [*admin_url*]
+# Admin endpoint URL;
+# string; required
+#
+# [*region*]
+# Endpoint region;
+# string; optional: default to 'RegionOne'
+#
+# [*tenant*]
+# Service tenant;
+# string; optional: default to 'services'
+#
+# [*ignore_default_tenant*]
+# Ignore setting the default tenant value when the user is created.
+# string; optional: default to false
+#
+# [*roles*]
+# List of roles;
+# string; optional: default to ['admin']
+#
+# [*domain*]
+# User domain (keystone v3), not implemented yet.
+# string; optional: default to undef
+#
+# [*email*]
+# Service email;
+# string; optional: default to '$auth_name@localhost'
+#
+# [*configure_endpoint*]
+# Whether to create the endpoint.
+# string; optional: default to True
+#
+# [*configure_user*]
+# Whether to create the user.
+# string; optional: default to True
+#
+# [*configure_user_role*]
+# Whether to create the user role.
+# string; optional: default to True
+#
+# [*configure_service*]
+# Whether to create the service.
+# string; optional: default to True
+#
+define keystone::resource::service_identity(
+ $admin_url = false,
+ $internal_url = false,
+ $password = false,
+ $public_url = false,
+ $service_type = false,
+ $auth_name = $name,
+ $configure_endpoint = true,
+ $configure_user = true,
+ $configure_user_role = true,
+ $configure_service = true,
+ $domain = undef,
+ $email = "${name}@localhost",
+ $region = 'RegionOne',
+ $service_name = undef,
+ $service_description = "${name} service",
+ $tenant = 'services',
+ $ignore_default_tenant = false,
+ $roles = ['admin'],
+) {
+
+ if $domain {
+ warning('Keystone domains are not yet managed by puppet-keystone.')
+ }
+
+ if $service_name == undef {
+ $service_name_real = $auth_name
+ } else {
+ $service_name_real = $service_name
+ }
+
+ if $configure_user {
+ ensure_resource('keystone_user', $auth_name, {
+ 'ensure' => 'present',
+ 'enabled' => true,
+ 'password' => $password,
+ 'email' => $email,
+ 'tenant' => $tenant,
+ 'ignore_default_tenant' => $ignore_default_tenant,
+ })
+ }
+
+ if $configure_user_role {
+ ensure_resource('keystone_user_role', "${auth_name}@${tenant}", {
+ 'ensure' => 'present',
+ 'roles' => $roles,
+ })
+ if $configure_user {
+ Keystone_user[$auth_name] -> Keystone_user_role["${auth_name}@${tenant}"]
+ }
+ }
+
+ if $configure_service {
+ ensure_resource('keystone_service', $service_name_real, {
+ 'ensure' => 'present',
+ 'type' => $service_type,
+ 'description' => $service_description,
+ })
+ }
+
+ if $configure_endpoint {
+ ensure_resource('keystone_endpoint', "${region}/${service_name_real}", {
+ 'ensure' => 'present',
+ 'public_url' => $public_url,
+ 'admin_url' => $admin_url,
+ 'internal_url' => $internal_url,
+ })
+ }
+}
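Review bot: `password`, `service_type` and the three endpoint URLs are documented as required, but they default to `false` and are never checked, so with `configure_user` left at its default a call that omits `password` hands `'password' => false` straight to `keystone_user`. How the provider treats that value is not visible in this file, but an account that receives `['admin']` by default should not depend on it. Fail the catalog early with `if $configure_user and ! $password { fail("keystone::resource::service_identity[${name}]: password is required when configure_user is true") }`, and add equivalent guards for `$public_url`, `$internal_url` and `$admin_url` under `$configure_endpoint` and for `$service_type` under `$configure_service`. The header comment also disagrees with the code: `service_name` is listed as required although it falls back to `$auth_name`, `email` is described as `$auth_name@localhost` while the default is `"${name}@localhost"`, and the boolean and array parameters are all typed as "string".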