#!/usr/bin/python
# -*- coding: utf-8 -*-
import json
import traceback
import requests
import ssl
from ansible.module_utils.basic import AnsibleModule
from keystoneauth1 import session
from keystoneclient import client
from keystoneauth1.identity import v3
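# Module documentation shown by ansible-doc. It must stay in step with the
# argument_spec declared in main(): the previous text described `verify` with
# inverted sense, omitted `cacert`, marked `auth_url` as required although the
# spec gives it a default, and described `state` as creating/deleting a user.
DOCUMENTATION = '''
---
module: trilio_os_user_role
short_description: Grant/Revoke roles to/from user
options:
  verify:
    description:
      - validate the TLS certificate presented by the keystone endpoint
      - set to false to allow self-signed certificates; the endpoint is then
        not authenticated, so the keystone password and token can be
        intercepted on an untrusted network
    required: no
    type: bool
    default: True
    aliases: [ validate_certs ]
  cacert:
    description:
      - path of the CA bundle used to validate the keystone endpoint certificate
    required: no
    default: /etc/workloadmgr/ca-chain.pem
  endpoint_type:
    description:
      - probe these endpoint types for version
    required: no
    choices: [ "admin", "internal", "public" ]
    default: public
  region_name:
    description:
      - region of service
      - accepted for compatibility, the module does not use it at present
    required: no
    default: RegionOne
  auth_url:
    description:
      - keystone endpoint
      - authentication uses the keystone v3 password plugin, so pass a v3 URL
    required: no
    default: http://127.0.0.1:5000/v2.0
  username:
    description:
      - keystone user name
    required: yes
  password:
    description:
      - keystone user password
      - declared no_log, so it is kept out of module output and logs
    required: yes
  domain_id:
    description:
      - keystone domain id that user belongs to
    required: no
    default: default
  default_project:
    description:
      - project id for keystone authentication
    required: no
    default: default
  state:
    description:
      - grant (present) or revoke (absent) the given role
    required: no
    choices: [ "present", "absent" ]
    default: present
  user_id:
    description:
      - Id of the user
    required: yes
  role:
    description:
      - Role to be assigned/revoked
    required: yes
  project:
    description:
      - project id for which user is to be granted or revoked the role
    required: no
    default: default
requirements: [ python-keystoneclient, keystoneauth1 ]
author: Abhijeet Patra
'''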
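# Usage example shown by ansible-doc. The domain id typo ("defult") is fixed so
# the example can be copied as-is, and the YAML nesting is restored.
EXAMPLES = '''
# Lab values. With an http:// auth_url the password and the issued token cross
# the network unencrypted, and verify false turns certificate validation off.
# Outside a lab use an https:// auth_url, keep verify true with a cacert
# bundle, and take the password from a vault instead of a literal.
examples:
  trilio_os_user_role:
    auth_url: http://192.182.0.1:5000/v3
    username: admin
    password: password
    domain_id: default
    verify: false
    endpoint_type: admin
    region_name: RegionOne
    state: present
    user_id: 4c02ce14a39a499098fa0f74c6f88529
    role: admin
    project: ca5be0c8ab194276968ea0daa05c0103
'''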
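def _validate_keystone_client_and_version(auth_url, username, password,
                                          domain_id, endpoint_type,
                                          insecure, cacert, default_project):
    """Build a keystone client authenticated with the v3 password plugin.

    Args:
        auth_url: keystone identity endpoint.
        username: keystone user name.
        password: keystone user password.
        domain_id: id of the domain the user belongs to.
        endpoint_type: interface handed to the client.
        insecure: when true, TLS certificate validation is switched off for
            the session. The endpoint is then unauthenticated, so this is
            only appropriate on a trusted lab network.
        cacert: path of the CA bundle used to validate the endpoint
            certificate when ``insecure`` is false.
        default_project: id of the project the authentication is scoped to.

    Returns:
        The object returned by ``client.Client``.
    """
    auth = v3.Password(auth_url=auth_url,
                       username=username,
                       password=password,
                       user_domain_id=domain_id,
                       project_id=default_project)

    # The session is what performs the HTTP requests, so the TLS policy has
    # to be decided here. The earlier code passed `verify=cacert`
    # unconditionally, which meant `insecure` never reached the session.
    # NOTE(review): `insecure`/`cacert` given to client.Client are believed
    # to be ignored once a session is supplied - confirm against the
    # installed keystoneclient.
    if insecure:
        tls_verify = False
    else:
        # An empty cacert falls back to the default trust store instead of
        # handing an undefined value to the session.
        tls_verify = cacert or True

    sess = session.Session(auth=auth, verify=tls_verify)
    return client.Client(session=sess,
                         auth_url=auth_url,
                         interface=endpoint_type,
                         insecure=insecure,
                         cacert=cacert)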
def authenticate(keystone_auth_url, username, password, domain_id,
                 endpoint_type, verify, cacert, default_project):
    """Create the keystone client used for the role operations.

    ``verify`` is the module's "validate certificates" switch; the helper
    below expects the opposite flag (``insecure``), so it is negated here.
    Every other argument is forwarded unchanged.
    """
    return _validate_keystone_client_and_version(
        keystone_auth_url,
        username,
        password,
        domain_id,
        endpoint_type,
        not verify,
        cacert,
        default_project,
    )
def add_user_role(keystone, user_id, role, project):
    """Grant ``role`` to the user ``user_id`` on ``project``.

    The project and the user are fetched by id, the role is looked up by
    name. When the name lookup returns several entries the first one is the
    role that gets granted.

    Returns:
        True once the grant call has returned.

    Raises:
        ValueError: no role with the given name exists.
    """
    target_project = keystone.projects.get(project=project)
    matching_roles = keystone.roles.list(name=role)
    target_user = keystone.users.get(user=user_id)

    if not matching_roles:
        raise ValueError("Invalid Role, no such role found")

    # This is a privilege change on the target project.
    keystone.roles.grant(user=target_user, role=matching_roles[0],
                         project=target_project)
    return True
def revoke_user_role(keystone, user_id, role, project):
    """Revoke ``role`` from the user ``user_id`` on ``project``.

    The project and the user are fetched by id, the role is looked up by
    name. When the name lookup returns several entries the first one is the
    role that gets revoked.

    Returns:
        True once the revoke call has returned.

    Raises:
        ValueError: no role with the given name exists.
    """
    target_project = keystone.projects.get(project=project)
    matching_roles = keystone.roles.list(name=role)
    target_user = keystone.users.get(user=user_id)

    if not matching_roles:
        raise ValueError("Invalid Role, no such role found")

    keystone.roles.revoke(user=target_user, role=matching_roles[0],
                          project=target_project)
    return True
def dispatch(keystone, user_id, role, state, project):
    """Apply the requested state and build the module result dictionary.

    ``present`` grants the role and reports it under ``added``; ``absent``
    revokes it and reports it under ``revoked``. Any other state raises
    ValueError.
    """
    # NOTE(review): `changed` is hard-coded to False on both paths, so a role
    # grant or revocation never shows up as a change in play output. For a
    # privilege change that is an audit gap; reporting it accurately needs the
    # assignment state before the call, which this function does not query.
    if state == 'present':
        granted = add_user_role(keystone, user_id, role, project)
        return {'changed': False, 'added': granted}

    if state == 'absent':
        removed = revoke_user_role(keystone, user_id, role, project)
        return {'changed': False, 'revoked': removed}

    raise ValueError("Code should never reach here")
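def main():
    """Ansible entry point: read the arguments, authenticate, apply the state.

    Any exception raised while building the keystone client or while
    granting/revoking the role is reported through ``module.fail_json`` with
    the formatted traceback as the message; on success the dictionary built
    by ``dispatch`` is returned through ``module.exit_json``.
    """
    module = AnsibleModule(
        argument_spec=dict(
            # NOTE(review): the default is a plain-http v2.0 URL while the
            # client is built with the v3 password plugin; callers should
            # pass an https v3 URL explicitly.
            auth_url=dict(required=False,
                          default="http://127.0.0.1:5000/v2.0",
                          aliases=['auth_url']),
            username=dict(required=True),
            # no_log keeps the password out of module output and logs.
            password=dict(required=True, no_log=True),
            domain_id=dict(required=False, default='default'),
            verify=dict(required=False, default=True, type='bool',
                        aliases=['validate_certs']),
            cacert=dict(required=False,
                        default='/etc/workloadmgr/ca-chain.pem'),
            # Accepted but not used further down.
            region_name=dict(required=False, default='RegionOne'),
            state=dict(default='present', choices=['present', 'absent']),
            endpoint_type=dict(default='public',
                               choices=["admin", "internal", "public"]),
            user_id=dict(required=True),
            role=dict(required=True),
            default_project=dict(required=False, default='default'),
            project=dict(required=False, default='default'),
        ),
    )

    params = module.params
    auth_url = params['auth_url']
    username = params['username']
    password = params['password']
    domain_id = params['domain_id']
    verify = module.boolean(params['verify'])
    cacert = params['cacert']
    endpoint_type = params['endpoint_type']
    state = params['state']
    user_id = params['user_id']
    role = params['role']
    default_project = params['default_project']
    project = params['project']

    try:
        # Building the client sits inside the try block so that a failure
        # there is reported through fail_json like any other error, instead
        # of escaping as an unhandled exception.
        keystone = authenticate(auth_url, username, password, domain_id,
                                endpoint_type, verify, cacert,
                                default_project)
        d = dispatch(keystone, user_id, role, state, project)
    except Exception:
        module.fail_json(msg=traceback.format_exc())
    else:
        module.exit_json(**d)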
# this is magic, see lib/ansible/module_common.py
# <<INCLUDE_ANSIBLE_MODULE_COMMON>>
# Run the module only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()