keystoneclient Python module
See salt.modules.keystone
for setup instructions.
Keystone tenants:
keystone.tenant_present:
- names:
- admin
- demo
- service
Keystone roles:
keystone.role_present:
- names:
- admin
- Member
admin:
keystone.user_present:
- password: R00T_4CC3SS
- email: admin@domain.com
- roles:
admin: # tenants
- admin # roles
service:
- admin
- Member
- require:
- keystone: Keystone tenants
- keystone: Keystone roles
nova:
keystone.user_present:
- password: '$up3rn0v4'
- email: nova@domain.com
- tenant: service
- roles:
service:
- admin
- require:
- keystone: Keystone tenants
- keystone: Keystone roles
demo:
keystone.user_present:
- password: 'd3m0n$trati0n'
- email: demo@domain.com
- tenant: demo
- roles:
demo:
- Member
- require:
- keystone: Keystone tenants
- keystone: Keystone roles
nova service:
keystone.service_present:
- name: nova
- service_type: compute
- description: OpenStack Compute Service
salt.states.keystone.
endpoint_absent
(name, region=None, profile=None, interface=None, **connection_args)¶Ensure that the endpoint for a service doesn't exist in Keystone catalog
The name of the service whose endpoints should not exist
The region of the endpoint. Defaults to RegionOne
.
The interface type, which describes the visibility of the endpoint. (for V3 API)
salt.states.keystone.
endpoint_present
(name, publicurl=None, internalurl=None, adminurl=None, region=None, profile=None, url=None, interface=None, **connection_args)¶Ensure the specified endpoints exists for service
The Service name
The public url of service endpoint (for V2 API)
The internal url of service endpoint (for V2 API)
The admin url of the service endpoint (for V2 API)
The region of the endpoint
The endpoint URL (for V3 API)
The interface type, which describes the visibility of the endpoint. (for V3 API)
salt.states.keystone.
project_absent
(name, profile=None, **connection_args)¶Ensure that the keystone project is absent. Alias for tenant_absent from V2 API to fulfill V3 API naming convention.
New in version 2016.11.0.
The name of the project that should not exist
delete_nova:
keystone.project_absent:
- name: nova
salt.states.keystone.
project_present
(name, description=None, enabled=True, profile=None, **connection_args)¶Ensures that the keystone project exists Alias for tenant_present from V2 API to fulfill V3 API naming convention.
New in version 2016.11.0.
The name of the project to manage
The description to use for this project
Availability state for this project
nova:
keystone.project_present:
- enabled: True
- description: 'Nova Compute Service'
salt.states.keystone.
role_absent
(name, profile=None, **connection_args)¶Ensure that the keystone role is absent.
The name of the role that should not exist
salt.states.keystone.
role_present
(name, profile=None, **connection_args)¶' Ensures that the keystone role exists
The name of the role that should be present
salt.states.keystone.
service_absent
(name, profile=None, **connection_args)¶Ensure that the service doesn't exist in Keystone catalog
The name of the service that should not exist
salt.states.keystone.
service_present
(name, service_type, description=None, profile=None, **connection_args)¶Ensure service present in Keystone catalog
The name of the service
The type of Openstack Service
Description of the service
salt.states.keystone.
tenant_absent
(name, profile=None, **connection_args)¶Ensure that the keystone tenant is absent.
The name of the tenant that should not exist
salt.states.keystone.
tenant_present
(name, description=None, enabled=True, profile=None, **connection_args)¶Ensures that the keystone tenant exists
The name of the tenant to manage
The description to use for this tenant
Availability state for this tenant
salt.states.keystone.
user_absent
(name, profile=None, **connection_args)¶Ensure that the keystone user is absent.
The name of the user that should not exist
salt.states.keystone.
user_present
(name, password, email, tenant=None, enabled=True, roles=None, profile=None, password_reset=True, project=None, **connection_args)¶Ensure that the keystone user is present with the specified properties.
The name of the user to manage
The password to use for this user.
Note
If the user already exists and a different password was set for
the user than the one specified here, the password for the user
will be updated. Please set the password_reset
option to
False
if this is not the desired behavior.
Whether or not to reset password after initial set. Defaults to
True
.
The email address for this user
The tenant (name) for this user
The project (name) for this user (overrides tenant in api v3)
Availability state for this user
The roles the user should have under given tenants. Passed as a dictionary mapping tenant names to a list of roles in this tenant, i.e.:
roles:
admin: # tenant
- admin # role
service:
- admin
- Member