Class: Puppet::Provider::Keystone

Inherits:
Openstack
  • Object
Extended by:
Openstack::Auth
Defined in:
lib/puppet/provider/keystone.rb

Constant Summary

INI_FILENAME =
'/etc/keystone/keystone.conf'
DEFAULT_DOMAIN =
'Default'
@@default_domain_id =
nil

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.auth_endpoint ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 71

# Memoized Keystone auth endpoint for this provider class.
#
# The first call delegates to get_auth_endpoint and stores the result in
# @auth_endpoint; later calls reuse that stored value, so an edit to the
# credentials file is not seen once the value has been cached.
#
# @return [String] the value produced by get_auth_endpoint
def self.auth_endpoint
  return @auth_endpoint if @auth_endpoint
  @auth_endpoint = get_auth_endpoint
end

.conf_filename ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 16

# Path of the INI file that keystone_puppet_conf parses.
#
# get_keystone_puppet_credentials reads a 'password' key from this file, so
# it should be readable only by the account that runs Puppet.
# NOTE(review): ownership and mode are not enforced anywhere in this class;
# confirm that whatever writes the file restricts them.
#
# @return [String] absolute path of the Puppet-side Keystone configuration
def self.conf_filename
  "/etc/keystone/puppet.conf"
end

.default_domain ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 110

# Domain name used when a resource title carries no explicit domain
# (see name_to_resource, which prepends it to single-part names).
#
# @return [String] the DEFAULT_DOMAIN constant
def self.default_domain
  DEFAULT_DOMAIN
end

.default_domain_changed ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 98

# Reports whether the effective default domain id differs from the literal
# 'default' that default_domain_id falls back to.
#
# @return [Boolean] true when default_domain_id is anything other than 'default'
def self.default_domain_changed
  effective_id = default_domain_id
  effective_id != 'default'
end

.default_domain_deprecation_message ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 102

# Builds the deprecation warning shown for resources declared without a domain.
#
# The text embeds the current default domain name and default domain id so
# the operator can see which domain is being assumed.
#
# @return [String] the complete warning text
def self.default_domain_deprecation_message
  domain_name = default_domain
  domain_id = default_domain_id
  [
    'Support for a resource without the domain set is deprecated in Liberty cycle. ',
    'It will be dropped in the M-cycle. ',
    "Currently using '#{domain_name}' as default domain name ",
    "while the default domain id is '#{domain_id}'."
  ].join
end

.default_domain_from_ini_file ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 75

# Looks up identity/default_domain_id through the Keystone_config resource.
#
# This is a best-effort read: the bare rescue turns every StandardError from
# the lookup into nil, and default_domain_id then falls back to 'default'.
# A broken lookup is therefore indistinguishable from an unset option.
#
# @return [Object, nil] element 0 of the resource's :value when the setting
#   is present, nil when it is absent or the lookup fails
def self.default_domain_from_ini_file
  setting = Puppet::Resource.indirection
    .find('Keystone_config/identity/default_domain_id')
  return nil unless setting[:ensure] == :present
  # Only element 0 of the stored value is used.
  setting[:value][0]
rescue
  nil
end

.default_domain_id ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 88

# Effective default domain id, cached in the @@default_domain_id class variable.
#
# On a cache miss the id is read via default_domain_from_ini_file; when that
# yields nil the literal 'default' is stored instead. Because a class
# variable holds the cache, the cached value is not private to this class.
#
# @return [String] the configured default domain id, or 'default'
def self.default_domain_id
  @@default_domain_id = default_domain_from_ini_file unless @@default_domain_id
  @@default_domain_id = 'default' if @@default_domain_id.nil?
  @@default_domain_id
end

.domain_id_from_name(name) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 188

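# Resolves a domain name to its Keystone domain id, caching results in
# @domain_hash_name.
#
# The cache is seeded from `domain list`. A nil listing is logged and treated
# as empty, as domain_name_from_id also checks for, instead of raising
# NoMethodError on nil. Names missing from the cache are then looked up
# individually with `domain show`.
#
# A nil result means "not found". Note that set_domain_for_name treats a nil
# id the same as the default domain, so callers cannot tell the two apart.
#
# @param name [String] domain name to resolve
# @return [Object, nil] the domain id, or nil when the domain is not found
def self.domain_id_from_name(name)
  unless @domain_hash_name
    list = request('domain', 'list')
    err('Could not list domains') if list.nil?
    @domain_hash_name = Hash[(list || []).collect { |domain| [domain[:name], domain[:id]] }]
  end
  unless @domain_hash_name.key?(name)
    domain = request('domain', 'show', name)
    if domain && domain.key?(:id)
      @domain_hash_name[name] = domain[:id]
    else
      err("Could not find domain with name [#{name}]")
    end
  end
  @domain_hash_name[name]
end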

.domain_name_from_id(id) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 168

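# Resolves a Keystone domain id to its domain name, caching results in
# @domain_hash.
#
# The cache is seeded from `domain list`. When the listing returns nil the
# failure is logged and an empty cache is used. Previously @domain_hash stayed
# nil on that path and the following include? call raised NoMethodError. Ids
# missing from the cache are looked up individually with `domain show`.
#
# @param id [String] domain id to resolve
# @return [Object, nil] the domain name, or nil when the domain is not found
def self.domain_name_from_id(id)
  unless @domain_hash
    list = request('domain', 'list')
    err("Could not list domains") if list.nil?
    @domain_hash = Hash[(list || []).collect { |domain| [domain[:id], domain[:name]] }]
  end
  unless @domain_hash.key?(id)
    domain = request('domain', 'show', id)
    if domain && domain.key?(:name)
      @domain_hash[id] = domain[:name]
    else
      err("Could not find domain with id [#{id}]")
    end
  end
  @domain_hash[id]
end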

.fetch_project(name, domain) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 204

# Fetches one project with `project show NAME --domain DOMAIN`.
#
# A "No project with a name or ID" failure is treated as "not found": it is
# excluded from retries and converted to a nil return. Any other
# Puppet::ExecutionFailure is re-raised.
#
# NOTE(review): name and domain are passed as separate argument elements.
# Whether request validates them or runs without a shell is not visible
# here. Confirm a name starting with '-' cannot be read as an option.
#
# @param name [String] project name
# @param domain [String, nil] domain name; default_domain is used when nil
# @return [Object, nil] the result of request, or nil when no project matches
def self.fetch_project(name, domain)
  missing = /No project with a name or ID/
  begin
    domain ||= default_domain
    request('project', 'show',
            [name, '--domain', domain],
            {:no_retry_exception_msgs => missing})
  rescue Puppet::ExecutionFailure => failure
    raise failure unless failure.message =~ missing
  end
end

.fetch_user(name, domain) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 213

# Fetches one user with `user show NAME --domain DOMAIN`.
#
# A "No user with a name or ID" failure is treated as "not found": it is
# excluded from retries and converted to a nil return. Any other
# Puppet::ExecutionFailure is re-raised.
#
# NOTE(review): name and domain are passed as separate argument elements.
# Whether request validates them or runs without a shell is not visible
# here. Confirm a name starting with '-' cannot be read as an option.
#
# @param name [String] user name
# @param domain [String, nil] domain name; default_domain is used when nil
# @return [Object, nil] the result of request, or nil when no user matches
def self.fetch_user(name, domain)
  missing = /No user with a name or ID/
  begin
    domain ||= default_domain
    request('user', 'show',
            [name, '--domain', domain],
            {:no_retry_exception_msgs => missing})
  rescue Puppet::ExecutionFailure => failure
    raise failure unless failure.message =~ missing
  end
end

.get_auth_endpoint ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 66

# Reads the auth URL out of the Puppet-side Keystone credentials.
#
# The interpolation always produces a fresh String, so a missing 'auth_url'
# would come back as "" rather than nil.
#
# @return [String] the 'auth_url' credential rendered as a string
def self.get_auth_endpoint
  credentials = keystone_puppet_credentials
  "#{credentials['auth_url']}"
end

.get_auth_url ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 222

# Picks the Keystone auth URL from the first source that provides one:
# the OS_AUTH_URL environment variable, then OS_AUTH_URL from the rc file,
# then auth_endpoint (the Puppet credentials file).
#
# The URL is returned as found. Nothing here checks its scheme or host, so
# the environment and the rc file decide where authentication is sent.
#
# @return [String] the selected auth URL; the environment value is a copy
def self.get_auth_url
  from_env = ENV['OS_AUTH_URL']
  return from_env.dup if from_env
  get_os_vars_from_rcfile(rc_filename)['OS_AUTH_URL'] || auth_endpoint
end

.get_keystone_puppet_credentials ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 27

# Builds the credential hash from the [keystone_authtoken] section of the
# Puppet-side Keystone configuration.
#
# auth_url, project_name, username and password are mandatory and are
# stripped of surrounding whitespace. The two domain names default to
# 'Default', and region_name is copied only when set. The optional values
# are not stripped.
#
# The returned hash carries the plaintext password, so it must not be logged
# or interpolated into messages. The error raised here names only the file.
#
# @return [Hash{String => String}] credentials keyed by option name
# @raise [Puppet::Error] when the section or a mandatory key is missing
def self.get_keystone_puppet_credentials
  required = ['auth_url', 'project_name', 'username', 'password']
  section = keystone_puppet_conf ? keystone_puppet_conf['keystone_authtoken'] : {}

  unless section and required.all? { |key| !section[key].nil? }
    raise(Puppet::Error, "File: #{conf_filename} does not contain all " +
          "required configuration keys. Cannot authenticate to Keystone.")
  end

  creds = Hash[required.map { |key| [key, section[key].strip] }]
  creds['project_domain_name'] = section['project_domain_name'] || 'Default'
  creds['user_domain_name'] = section['user_domain_name'] || 'Default'
  creds['region_name'] = section['region_name'] if section['region_name']
  creds
end

.ini_filename ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 233

# Path of the Keystone service configuration file read by keystone_file.
#
# @return [String] the INI_FILENAME constant
def self.ini_filename
  INI_FILENAME
end

.keystone_file ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 237

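# Parsed Keystone service configuration, memoized in @keystone_file.
#
# Uses File.exist? because the File.exists? alias was deprecated and then
# removed in Ruby 3.2, where the old call raises NoMethodError.
#
# A missing file is not cached: the method returns nil and checks again on
# the next call.
#
# @return [Puppet::Util::IniConfig::File, nil] the parsed file, or nil when
#   ini_filename does not exist
def self.keystone_file
  return @keystone_file if @keystone_file
  return nil unless File.exist?(ini_filename)

  @keystone_file = Puppet::Util::IniConfig::File.new
  @keystone_file.read(ini_filename)
  @keystone_file
end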

.keystone_puppet_conf ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 20

# Parsed Puppet-side Keystone configuration, memoized in @keystone_puppet_conf.
#
# The IniConfig object is stored before the file is read, so a failure
# inside read still leaves that (unread) object cached for later calls.
# The parsed content includes the password that
# get_keystone_puppet_credentials extracts.
#
# @return [Puppet::Util::IniConfig::File] the configuration object
def self.keystone_puppet_conf
  unless @keystone_puppet_conf
    @keystone_puppet_conf = Puppet::Util::IniConfig::File.new
    @keystone_puppet_conf.read(conf_filename)
  end
  @keystone_puppet_conf
end

.keystone_puppet_credentials ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 58

# Memoized credential hash built by get_keystone_puppet_credentials.
#
# The hash, including the plaintext password, stays in
# @keystone_puppet_credentials once it has been built.
#
# @return [Hash] the cached credentials
def self.keystone_puppet_credentials
  return @keystone_puppet_credentials if @keystone_puppet_credentials
  @keystone_puppet_credentials = get_keystone_puppet_credentials
end

.keystone_request(service, action, error, properties = nil) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 252

# Retries a request using the credentials stored in the Puppet-side
# Keystone configuration.
#
# @credentials is overwritten with the stored username, password, project
# and auth endpoint. The region is set only when configured, and the two
# domain names only when @credentials.version is '3'. If the credential
# object still reports itself incomplete, the caller's original error is
# raised instead of sending the request.
#
# @param service [String] service argument passed to Openstack.request
# @param action [String] action argument passed to Openstack.request
# @param error [Exception] error to raise when credentials are incomplete
# @param properties [Array, nil] extra arguments; nil becomes []
# @return [Object] whatever Puppet::Provider::Openstack.request returns
def self.keystone_request(service, action, error, properties=nil)
  properties ||= []
  stored = keystone_puppet_credentials
  @credentials.username = stored['username']
  @credentials.password = stored['password']
  @credentials.project_name = stored['project_name']
  @credentials.auth_url = auth_endpoint
  @credentials.region_name = stored['region_name'] if stored['region_name']
  if @credentials.version == '3'
    @credentials.user_domain_name = stored['user_domain_name']
    @credentials.project_domain_name = stored['project_domain_name']
  end
  raise error unless @credentials.set?
  Puppet::Provider::Openstack.request(service, action, properties, @credentials)
end

.make_full_name(name) ⇒ Object

Prefix with default domain if missing from the name.



# File 'lib/puppet/provider/keystone.rb', line 136

# Normalizes a resource name so that it always carries a domain suffix.
#
# The name is split by name_to_resource and rejoined by resource_to_name
# with the default-domain check disabled, so even the default domain is
# spelled out.
#
# @param name [String] a name of the form 'name' or 'name::domain'
# @return [String] the name with its domain appended
def self.make_full_name(name)
  parts = name_to_resource(name)
  resource_to_name(*parts, false)
end

.name_to_resource(name) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 125

# Splits a resource name on '::' into domain-first order.
#
# A name without '::' gets default_domain prepended. Any other split result
# is simply reversed, so input with more than one '::' yields more than two
# elements and an empty string yields [].
#
# @param name [String] a name of the form 'name' or 'name::domain'
# @return [Array<String>] normally [domain, name]
def self.name_to_resource(name)
  parts = name.split('::')
  return parts.unshift(default_domain) if parts.count == 1
  parts.reverse!
end

.project_id_from_name_and_domain_name(name, domain_name) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 154

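# Resolves a project name within a domain to its project id, with caching.
#
# The cache is keyed by domain and then by name. The earlier
# "#{name}_#{domain_name}" key was ambiguous: ('a_b', 'c') and ('a', 'b_c')
# both produced 'a_b_c', so one pair could return the id cached for the
# other and the wrong project would be used. Failed lookups are logged and
# not cached.
#
# @param name [String] project name
# @param domain_name [String, nil] name of the domain holding the project
# @return [Object, nil] the project id, or nil when the project is not found
def self.project_id_from_name_and_domain_name(name, domain_name)
  @projects_name ||= {}
  by_name = (@projects_name[domain_name] ||= {})
  unless by_name.key?(name)
    project = fetch_project(name, domain_name)
    if project && project.key?(:id)
      by_name[name] = project[:id]
    else
      err("Could not find project with name [#{name}] and domain [#{domain_name}]")
    end
  end
  by_name[name]
end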

.request(service, action, properties = nil, options = {}) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 246

# Runs a request through the parent implementation, falling back to the
# credentials from the Puppet-side Keystone configuration on auth failure.
#
# Only OpenstackAuthInputError and OpenstackUnauthorizedError trigger the
# fallback. The fallback call does not forward options, so settings such as
# :no_retry_exception_msgs apply to the first attempt only.
#
# @param service [String] service argument for the request
# @param action [String] action argument for the request
# @param properties [Array, nil] extra arguments
# @param options [Hash] options for the parent implementation
# @return [Object] the result of the parent call or of keystone_request
def self.request(service, action, properties=nil, options={})
  begin
    super
  rescue Puppet::Error::OpenstackAuthInputError, Puppet::Error::OpenstackUnauthorizedError => auth_failure
    keystone_request(service, action, auth_failure, properties)
  end
end

.resource_to_name(domain, name, check_for_default = true) ⇒ Object

Raises:

  • (Puppet::Error)


# File 'lib/puppet/provider/keystone.rb', line 114

# Joins a name and its domain into the 'name::domain' display form.
#
# With check_for_default enabled the domain suffix is left off when the
# domain equals default_domain. With it disabled the suffix is always added.
#
# @param domain [String] domain name; must not be nil
# @param name [String] resource name
# @param check_for_default [Boolean] omit the suffix for the default domain
# @return [String] 'name' or 'name::domain'
# @raise [Puppet::Error] when domain is nil
def self.resource_to_name(domain, name, check_for_default = true)
  if domain.nil?
    raise Puppet::Error, "Domain cannot be nil for project '#{name}'. " \
      'Please report a bug.'
  end
  omit_domain = check_for_default && domain == default_domain
  parts = omit_domain ? [name] : [name, domain]
  parts.join('::')
end

.set_domain_for_name(name, domain_name) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 269

# Appends '::domain_name' to name unless the domain is the default one.
#
# The suffix is added with <<, so the caller's String is modified in place
# and a frozen name raises. A domain id that cannot be resolved (nil) is
# handled like the default domain and the name is returned without a suffix.
# NOTE(review): that makes an unknown domain indistinguishable from the
# default one at this point. Confirm callers validate the domain first.
#
# @param name [String] resource name; mutated when a suffix is added
# @param domain_name [String] domain the resource belongs to
# @return [String] name, with '::domain_name' appended when applicable
# @raise [Puppet::Error] when domain_name is nil or empty
def self.set_domain_for_name(name, domain_name)
  if domain_name.nil? || domain_name.empty?
    raise(Puppet::Error, "Missing domain name for resource #{name}")
  end
  domain_id = domain_id_from_name(domain_name)
  return name if default_domain_id == domain_id || domain_id.nil?
  name << "::#{domain_name}"
end

.user_id_from_name_and_domain_name(name, domain_name) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 140

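# Resolves a user name within a domain to its user id, with caching.
#
# The cache is keyed by domain and then by name. The earlier
# "#{name}_#{domain_name}" key was ambiguous: ('a_b', 'c') and ('a', 'b_c')
# both produced 'a_b_c', so one pair could return the id cached for the
# other and the wrong user would be used. Failed lookups are logged and
# not cached.
#
# @param name [String] user name
# @param domain_name [String, nil] name of the domain holding the user
# @return [Object, nil] the user id, or nil when the user is not found
def self.user_id_from_name_and_domain_name(name, domain_name)
  @users_name ||= {}
  by_name = (@users_name[domain_name] ||= {})
  unless by_name.key?(name)
    user = fetch_user(name, domain_name)
    if user && user.key?(:id)
      by_name[name] = user[:id]
    else
      err("Could not find user with name [#{name}] and domain [#{domain_name}]")
    end
  end
  by_name[name]
end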

Instance Method Details

#bool_to_sym(bool) ⇒ Object

Helper functions to use on the pre-validated enabled field



# File 'lib/puppet/provider/keystone.rb', line 285

# Converts a boolean into the symbol form used for the enabled property.
#
# Only the exact value true maps to :true. Every other value, including
# truthy ones such as 'true' or 1, maps to :false.
#
# @param bool [Object] value to convert
# @return [Symbol] :true or :false
def bool_to_sym(bool)
  return :true if bool == true
  :false
end

#keystone_puppet_credentials ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 62

# Instance-level accessor for the class-level cached credentials.
#
# @return [Hash] the hash returned by the class method of the same name,
#   which includes the plaintext password
def keystone_puppet_credentials
  provider_class = self.class
  provider_class.keystone_puppet_credentials
end

#sym_to_bool(sym) ⇒ Object



# File 'lib/puppet/provider/keystone.rb', line 289

# Converts the symbol form of the enabled property back into a boolean.
#
# Only :true maps to true. Every other value, including the string 'true',
# maps to false.
#
# @param sym [Object] value to convert
# @return [Boolean] true for :true, false otherwise
def sym_to_bool(sym)
  return true if sym == :true
  false
end