Documentation

os_user - Manage OpenStack Identity Users

New in version 2.0.

Synopsis

Manage OpenStack Identity users. Users can be created, updated or deleted using this module. A user will be updated if name matches an existing user and state is present. The value for name cannot be updated without deleting and re-creating the user.

Requirements (on host that executes module)

  • python >= 2.6
  • python >= 2.7
  • shade

Options

parameter required default choices comments
api_timeout
no None
    How long should the socket layer wait before timing out for API calls. If this is omitted, nothing will be passed to the requests library.
    auth
    no
      Dictionary containing auth information as needed by the cloud's auth plugin strategy. For the default password plugin, this would contain auth_url, username, password, project_name and any information about domains if the cloud supports them. For other plugins, this param will need to contain whatever parameters that auth plugin requires. This parameter is not needed if a named cloud is provided or OpenStack OS_* environment variables are present.
      auth_type
      no password
        Name of the auth plugin to use. If the cloud uses something other than password authentication, the name of the plugin should be indicated here and the contents of the auth parameter should be updated accordingly.
        availability_zone
        no
          Name of the availability zone.
          cacert
          no None
            A path to a CA Cert bundle that can be used as part of verifying SSL API requests.
            cert
            no None
              A path to a client certificate to use as part of the SSL transaction
              cloud
              no
                Named cloud to operate against. Provides default values for auth and auth_type. This parameter is not needed if auth is provided or if OpenStack OS_* environment variables are present.
                default_project
                no None
                  Project name or ID that the user should be associated with by default
                  domain
                  no None
                    Domain to create the user in if the cloud supports domains
                    email
                    no None
                      Email address for the user
                      enabled
                      no True
                        Is the user enabled
                        endpoint_type
                        no public
                        • public
                        • internal
                        • admin
                        Endpoint URL type to fetch from the service catalog.
                        key
                        no None
                          A path to a client key to use as part of the SSL transaction
                          name
                          yes
                            Username for the user
                            password
                            no None
                              Password for the user
                              Required when state is present
                              region_name
                              no
                                Name of the region.
                                state
                                no present
                                • present
                                • absent
                                Should the resource be present or absent.
                                timeout
                                no 180
                                  How long should ansible wait for the requested resource.
                                  validate_certs
                                  no True
                                    Whether or not SSL API requests should be verified.

                                    aliases: verify
                                    wait
                                    no yes
                                    • yes
                                    • no
                                    Should ansible wait until the requested resource is complete.

                                    Examples

                                    # Create a user
                                    - os_user:
                                        cloud: mycloud
                                        state: present
                                        name: demouser
                                        password: secret
                                        email: demo@example.com
                                        domain: default
                                        default_project: demo
                                    
                                    # Delete a user
                                    - os_user:
                                        cloud: mycloud
                                        state: absent
                                        name: demouser
                                    

                                    Return Values

                                    Common return values are documented here Common Return Values, the following are the fields unique to this module:

                                    name description returned type sample
                                    user Dictionary describing the user. On success when I(state) is 'present' dictionary
                                    contains:
                                    name description returned type sample
                                    domain_id User domain ID. Only present with Keystone >= v3. string default
                                    default_project_id User default project ID. Only present with Keystone >= v3. string 4427115787be45f08f0ec22a03bfc735
                                    id User ID string f59382db809c43139982ca4189404650
                                    name User name string demouser
                                    email User email address string demo@example.com


                                    Notes

                                    Note

                                    The standard OpenStack environment variables, such as OS_USERNAME may be used instead of providing explicit values.

                                    Note

                                    Auth information is driven by os-client-config, which means that values can come from a yaml config file in /etc/ansible/openstack.yaml, /etc/openstack/clouds.yaml or ~/.config/openstack/clouds.yaml, then from standard environment variables, then finally by explicit parameters in plays. More information can be found at http://docs.openstack.org/developer/os-client-config

                                    This is a Core Module

                                    For more information on what this means please read Core Modules

                                    For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.