| {%- from "keystone/map.jinja" import client with context %} |
| {%- set resources = client.get('resources', {}).get('v3', {}) %} |
| |
| {%- if resources.get('enabled', False) %} |
| |
| {% for role_name,role in resources.get('roles', {}).iteritems() %} |
| {%- if role.enabled %} |
| |
| {%- if role.get('status', 'present') == 'present' %} |
| |
| keystone_role_{{ role_name }}: |
| keystonev3.role_present: |
| - cloud_name: {{ role.get('cloud_name', resources.cloud_name) }} |
| {#- The role name is not uniq among domains, use name here to have ability create #} |
| {#- roles with the same name in different domains #} |
| - name: {{ role.name }} |
| {%- if role.domain_id is defined %} |
| - domain_id: {{ role.domain_id }} |
| {%- endif %} |
| |
| {%- elif role.get('status', 'present') == 'absent' %} |
| |
| keystone_role_{{ role_name }}: |
| keystonev3.role_absent: |
| - cloud_name: {{ role.get('cloud_name', resources.cloud_name) }} |
| - name: {{ role_name }} |
| |
| {%- endif %} |
| |
| {%- endif %} |
| {%- endfor %} |
| |
| {%- for service_name,service in resources.get('services', {}).iteritems() %} |
| {%- if service.get('status', 'present') == 'present' %} |
| |
| keystone_service_{{ service_name }}_{{ service.type }}: |
| keystonev3.service_present: |
| - cloud_name: {{ service.get('cloud_name', resources.cloud_name) }} |
| - name: {{ service_name }} |
| - type: {{ service.type }} |
| {%- if service.description is defined %} |
| - description: {{ service.description }} |
| {%- endif %} |
| {%- if service.enabled is defined %} |
| - enabled: {{ service.enabled }} |
| {%- endif %} |
| |
| {%- elif service.get('status', 'present') == 'absent' %} |
| |
| keystone_service_{{ service_name }}_{{ service.type }}_absent: |
| keystonev3.service_absent: |
| - cloud_name: {{ service.get('cloud_name', resources.cloud_name) }} |
| - name: {{ service_name }} |
| |
| {%- endif %} |
| |
| {%- for endpoint_name, endpoint in service.get('endpoints', {}).iteritems() %} |
| {%- if endpoint.get('status', 'present') == 'present' %} |
| |
| keystone_endpoint_{{ endpoint_name }}_{{ endpoint.interface }}_{{ endpoint.region }}: |
| keystonev3.endpoint_present: |
| - name: {{ endpoint_name }} |
| - cloud_name: {{ endpoint.get('cloud_name', resources.cloud_name) }} |
| - url: {{ endpoint.url }} |
| - interface: {{ endpoint.interface }} |
| - service_id: {{ service_name }} |
| - region_id: {{ endpoint.region }} |
| - require: |
| - keystone_service_{{ service_name }}_{{ service.type }} |
| |
| {%- elif endpoint.get('status', 'present') == 'absent' %} |
| |
| keystone_endpoint_{{ endpoint_name }}_{{ endpoint.interface }}_{{ endpoint.region }}_absent: |
| keystonev3.endpoint_absent: |
| - name: {{ endpoint_name }} |
| - cloud_name: {{ endpoint.get('cloud_name', resources.cloud_name) }} |
| - interface: {{ endpoint.interface }} |
| - service_id: {{ service_name }} |
| |
| {%- endif %} |
| {%- endfor %} |
| |
| {%- endfor %} |
| |
| {% for domain_name, domain in resources.get('domains', {}).iteritems() %} |
| {%- if domain.get('status', 'present') == 'present' %} |
| |
| keystone_domain_{{ domain_name }}: |
| keystonev3.domain_present: |
| - cloud_name: {{ domain.get('cloud_name', resources.cloud_name) }} |
| - name: {{ domain_name }} |
| {%- if domain.description is defined %} |
| - description: {{ domain.description }} |
| {%- endif %} |
| {%- if domain.enabled is defined %} |
| - enabled: {{ domain.enabled }} |
| {%- endif %} |
| {%- if domain.tags is defined %} |
| - tags: {{ domain.tags }} |
| {%- endif %} |
| |
| {%- elif domain.get('status', 'present') == 'absent' %} |
| |
| keystone_domain_{{ domain_name }}_absent: |
| keystonev3.domain_absent: |
| - name: {{ domain_name }} |
| - cloud_name: {{ domain.get('cloud_name', resources.cloud_name) }} |
| {%- if domain.force_delete is defined %} |
| - force_delete: {{ domain.force_delete }} |
| {%- endif %} |
| |
| {%- endif %} |
| |
| {%- for project_name, project in domain.get('projects', {}).iteritems() %} |
| {%- if project.get('status', 'present') == 'present' %} |
| |
| keystone_project_{{ project_name }}: |
| keystonev3.project_present: |
| - cloud_name: {{ project.get('cloud_name', resources.cloud_name) }} |
| - name: {{ project_name }} |
| - domain_id: {{ project.get('domain_id', 'default')}} |
| {%- if project.is_domain is defined %} |
| - is_domain: {{ project.is_domain }} |
| {%- endif %} |
| {%- if project.description is defined %} |
| - description: {{ project.description }} |
| {%- endif %} |
| {%- if project.enabled is defined %} |
| - enabled: {{ project.enabled }} |
| {%- endif %} |
| {%- if project.parent_id is defined %} |
| - parent_id: {{ project.parent_id }} |
| {%- endif %} |
| {%- if project.tags is defined %} |
| - tags: {{ project.tags }} |
| {%- endif %} |
| |
| {%- elif project.get('status', 'present') == 'absent' %} |
| |
| keystone_project_{{ project_name }}_absent: |
| keystonev3.project_absent: |
| - cloud_name: {{ project.get('cloud_name', resources.cloud_name) }} |
| - name: {{ project_name }} |
| |
| {%- endif %} |
| {%- endfor %} |
| |
| {%- endfor %} |
| |
| {%- for user_name, user in resources.get('users', {}).iteritems() %} |
| {%- if user.get('status', 'present') == 'present' %} |
| |
| keystone_user_{{ user_name }}: |
| keystonev3.user_present: |
| - cloud_name: {{ user.get('cloud_name', resources.cloud_name) }} |
| - name: {{ user_name }} |
| {%- if user.default_project_id is defined %} |
| - default_project_id: {{ user.default_project_id }} |
| {%- endif %} |
| {%- if user.domain_id is defined %} |
| - domain_id: {{ user.domain_id }} |
| {%- endif %} |
| {%- if user.enabled is defined %} |
| - enabled: {{ user.enabled }} |
| {%- endif %} |
| {%- if user.password is defined %} |
| - password: {{ user.password }} |
| {%- endif %} |
| {%- if user.email is defined %} |
| - email: {{ user.email }} |
| {%- endif %} |
| {%- if user.password_reset is defined %} |
| - password_reset: {{ user.password_reset }} |
| {%- endif %} |
| |
| {%- elif user.get('status', 'present') == 'absent' %} |
| |
| keystone_user_{{ user_name }}_absent: |
| keystonev3.user_absent: |
| - cloud_name: {{ user.get('cloud_name', resources.cloud_name) }} |
| - name: {{ user_name }} |
| |
| {%- endif %} |
| |
| {%- for role_name,role in user.get('roles', {}).iteritems() %} |
| {%- if role.get('status', 'assigned') == 'assigned' %} |
| |
| keystone_user_{{ user_name }}_role_{{ role.name }}_assigned: |
| keystonev3.user_role_assigned: |
| - name: {{ user_name }} |
| - role_id: {{ role.name }} |
| - cloud_name: {{ user.get('cloud_name', resources.cloud_name) }} |
| {%- if role.domain_id is defined %} |
| - domain_id: {{ role.domain_id }} |
| {%- endif %} |
| {%- if role.project_id is defined %} |
| - project_id: {{ role.project_id }} |
| {%- endif %} |
| {%- if role.role_domain_id is defined %} |
| - role_domain_id: {{ role.role_domain_id }} |
| {%- endif %} |
| |
| {%- elif role.get('status', 'assigned') == 'unassigned' %} |
| |
| keystone_user_{{ user_name }}_role_{{ role.name }}_unassign: |
| keystonev3.user_role_unassign: |
| - name: {{ user_name }} |
| - role_id: {{ role.name }} |
| - cloud_name: {{ user.get('cloud_name', resources.cloud_name) }} |
| {%- if role.domain_id is defined %} |
| - domain_id: {{ role.domain_id }} |
| {%- endif %} |
| {%- if role.project_id is defined %} |
| - project_id: {{ role.project_id }} |
| {%- endif %} |
| {%- if role.role_domain_id is defined %} |
| - role_domain_id: {{ role.role_domain_id }} |
| {%- endif %} |
| |
| {%- endif %} |
| {%- endfor %} |
| |
| {%- endfor %} |
| |
| {%- endif %} |