Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
4.1.94.1.dev5 ▾
|
#!/usr/bin/python
# -*- coding: utf-8 -*-
import traceback
from ansible.module_utils.basic import AnsibleModule
from keystoneauth1 import session
from keystoneclient import client
from keystoneauth1.identity import v3
DOCUMENTATION = '''
---
module: keystone_password
short_description: Updates service account password. Requires admin credentials
options:
insecure:
description:
- allow use of self-signed SSL certificates
required: no
choices: [ "yes", "no" ]
default: no
region:
description:
- region of service
required: no
default: RegionOne
auth_url:
description:
- keystone endpoint
required: yes
service:
description:
- name of the service
required: yes
old_password:
description:
- service account old password
required: yes
new_password:
description:
- service account new password
required: yes
admin_username:
description:
- keystone admin username
required: yes
admin_password:
description:
- keystone admin password
required: yes
admin_tenant_name:
description:
- keystone admin tenant name
required: yes
domain_name:
description:
- keystone domain that user belongs to
required: no
default: default
ignore_other_regions
description:
- ignore other regions other than what is asked for
required: no
default: true
requirements: [ python-keystoneclient ]
author: Murali Balcha
'''
EXAMPLES = '''
examples:
- name: Update triliovault service password
keystone_password:
old_password: "oldpassword"
new_password: "newpassword"
service: 'triliovault'
admin_username: "admin"
admin_password: "project1"
admin_tenant_name: "admin"
auth_url=http://192.168.206.130:5000/v2.0
domain_name: "default"
'''
def _validate_keystone_client_and_version(auth_url, username, password,
tenant_name, domain_name,
endpoint_type, insecure, cacert):
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_id=domain_name)
sess = session.Session(auth=auth, verify=cacert)
keystone = client.Client(session=sess,
auth_url=auth_url,
interface=endpoint_type,
insecure=insecure,
cacert=cacert)
tenants = keystone.projects.list()
return (keystone, tenants)
def authenticate(keystone_auth_url, username, password, tenant_name,
domain_name, endpoint_type, insecure, cacert):
"""Return a keystone client object"""
keystone, tenants = _validate_keystone_client_and_version(
keystone_auth_url, username, password,
tenant_name, domain_name, endpoint_type, insecure, cacert)
return keystone
def dispatch(keystone, service, new_password):
for user in keystone.users.list():
if user.name == service:
return keystone.users.update(
user, password=new_password)
raise Exception("%s service not found" % service)
def main():
module = AnsibleModule(
argument_spec=dict(
auth_url=dict(required=True, aliases=['auth_url']),
insecure=dict(required=False, default=False, type='bool'),
cacert=dict(required=False,
default='/etc/workloadmgr/ca-chain.pem'),
endpoint_type=dict(required=False, default='public',
choices=['admin', 'internal', 'public']),
admin_username=dict(required=True),
admin_password=dict(required=True, no_log=True),
admin_tenant_name=dict(required=True, aliases=['tenant']),
domain_name=dict(required=False, default='default'),
old_password=dict(required=True, no_log=True),
new_password=dict(required=True, no_log=True),
service=dict(required=False, default='triliovault')
),
)
auth_url = module.params['auth_url']
username = module.params['admin_username']
password = module.params['admin_password']
tenant_name = module.params['admin_tenant_name']
endpoint_type = module.params['endpoint_type']
insecure = module.boolean(module.params['insecure'])
cacert = module.params['cacert']
domain_name = module.params['domain_name']
old_password = module.params['old_password']
new_password = module.params['new_password']
service = module.params['service']
keystone = authenticate(auth_url, username, password,
tenant_name, domain_name, endpoint_type,
insecure, cacert)
try:
if old_password == new_password:
raise Exception("old and new passwords are the same")
user = dispatch(keystone, service, new_password)
d = dict(changed=True, id=user.id)
except Exception:
module.fail_json(msg=traceback.format_exc())
else:
module.exit_json(**d)
# this is magic, see lib/ansible/module_common.py
# <<INCLUDE_ANSIBLE_MODULE_COMMON>>
if __name__ == '__main__':
main()