Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
4.1.94.1.dev5 ▾
|
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import json
import traceback
import requests
import ssl
from ansible.module_utils.basic import AnsibleModule
from keystoneauth1 import session
from keystoneclient import client
from keystoneauth1.identity import v3
DOCUMENTATION = '''
---
module: trilio_os_user
short_description: Returns user list
options:
verify:
description:
- allow use of self-signed SSL certificates
required: no
type: boolean
default: True
cacert:
description:
- CA bundle file path
required: no
default: /etc/workloadmgr/ca-chain.pem
endpoint_type:
description:
- probe these endpoint types for version
required: no
choices: [ "admin", "internal", "public" ]
default: public
region_name:
description:
- region of service
required: no
default: RegionOne
auth_url:
description:
- keystone endpoint
required: yes
username:
description:
- keystone user name
required: yes
password:
description:
- keystone user password
required: yes
domain_id:
description:
- keystone domain id that user belongs to
required: no
default: default
state:
description:
- Create or delete the give user
required: no
choices: [ "present", "absent" ]
default: present
name:
description:
- name of the user to be created/deleted
required: yes
passwd:
description:
- Password of the new user
required: no
default: None
email:
description:
- Email address of new user
required: no
default: None
domain:
description:
- Domain id in which the user is to be created
required: no
default: default
service_project:
description:
- project id the user
required: no
default: default
default_project:
description:
- project id for authentication
required: no
default: default
update_password:
description:
- whether to always update password or only for new user
choices: ['on_create', 'always']
required: no
default: always
requirements: [ python-keystoneclient ]
author: Abhijeet Patra
'''
EXAMPLES = '''
examples:
trilio_os_user:
auth_url: http://192.182.0.1:5000/v3
username: admin
password: password
domain_id: default
verify: false
endpoint_type: admin
region_name: RegionOne
state: present
name: triliovault
passwd: triliopassword
update_password: on_create
email: exampl@example.com
domain: default
service_project: ca5be0c8ab194276968ea0daa05c0103
default_project: default
'''
def _validate_keystone_client_and_version(auth_url, username, password,
domain_id, endpoint_type,
insecure, cacert,
default_project):
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_id=domain_id,
project_id=default_project)
sess = session.Session(auth=auth, verify=cacert)
return client.Client(session=sess,
auth_url=auth_url,
interface=endpoint_type,
insecure=insecure,
cacert=cacert)
def authenticate(keystone_auth_url, username, password, domain_id,
endpoint_type, verify, cacert, default_project):
"""Return a keystone client object"""
insecure = not verify
return _validate_keystone_client_and_version(keystone_auth_url, username,
password, domain_id,
endpoint_type, insecure,
cacert, default_project)
def create_user(keystone, user_name, passwd, region_name,
update_password, email, domain, service_project):
""" Create/update the given user and return its info """
os_domain = keystone.domains.get(domain=domain)
os_project = keystone.projects.get(project=service_project)
exist_user = keystone.users.list(domain=os_domain, name=user_name)
if exist_user:
if update_password == 'always':
user_info = keystone.users.update(user=exist_user[0],
password=passwd)
else:
user_info = exist_user[0]
else:
user_info = keystone.users.create(
name=user_name, password=passwd, domain=os_domain,
default_project=os_project.id, email=email)
if getattr(user_info, 'deafult_project', None):
user_info.default_project = user_info.deafult_project
elif getattr(user_info, 'default_project_id', None):
user_info.default_project = user_info.default_project_id
return dict(domain_id=user_info.domain_id,
default_project_id=user_info.default_project,
name=user_info.name,
id=user_info.id,
email=user_info.email)
def delete_user(keystone, user_name, domain, service_project):
""" Delete the user if exists """
os_domain = keystone.domains.get(domain=domain)
os_project = keystone.projects.get(project=service_project)
exist_user = keystone.users.list(domain=os_domain, name=user_name)
if exist_user:
keystone.users.delete(user=exist_user[0])
return True
def dispatch(keystone, user_name, passwd, region_name,
state, update_password, email, domain, service_project):
if state == 'present':
return dict(changed=False,
user=create_user(keystone, user_name, passwd, region_name,
update_password, email, domain, service_project))
elif state == 'absent':
return dict(changed=False,
deleted=delete_user(keystone, user_name,
domain, service_project))
else:
raise ValueError("Code should never reach here")
def main():
module = AnsibleModule(
argument_spec=dict(
auth_url=dict(required=False,
default="http://127.0.0.1:5000/v3",
aliases=['auth_url']),
username=dict(required=True),
password=dict(required=True, no_log=True),
domain_id=dict(required=False, default='default'),
verify=dict(required=False, default=True, type='bool',
aliases=['validate_certs']),
cacert=dict(required=False,
default='/etc/workloadmgr/ca-chain.pem'),
region_name=dict(required=False, default='RegionOne'),
state=dict(default='present', choices=['present', 'absent']),
endpoint_type=dict(default='public',
choices=["admin", "internal", "public"]),
name=dict(required=True),
passwd=dict(required=False, default=None, no_log=True),
update_password=dict(default='always',
choices=['on_create', 'always']),
email=dict(required=False, default=None),
domain=dict(required=False, default='default'),
default_project=dict(required=False, default='default'),
service_project=dict(required=False, default='default'),
),
)
auth_url = module.params['auth_url']
username = module.params['username']
password = module.params['password']
domain_id = module.params['domain_id']
verify = module.boolean(module.params['verify'])
cacert = module.params['cacert']
endpoint_type = module.params['endpoint_type']
region_name = module.params['region_name']
state = module.params['state']
user_name = module.params['name']
passwd = module.params['passwd']
update_password = module.params['update_password']
email = module.params['email']
domain = module.params['domain']
service_project = module.params['service_project']
default_project = module.params['default_project']
keystone = authenticate(auth_url, username, password, domain_id,
endpoint_type, verify, cacert, default_project)
try:
d = dispatch(keystone, user_name, passwd, region_name,
state, update_password, email, domain, service_project)
except Exception:
module.fail_json(msg=traceback.format_exc())
else:
module.exit_json(**d)
# this is magic, see lib/ansible/module_common.py
# <<INCLUDE_ANSIBLE_MODULE_COMMON>>
if __name__ == '__main__':
main()