Module for handling openstack keystone calls.
optdepends: |
|
---|---|
configuration: |
This module is not usable until the following are specified either in a pillar or in the minion's config file: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' OR (for token based authentication) keystone.token: 'ADMIN' keystone.endpoint: 'http://127.0.0.1:35357/v2.0' If configuration for multiple openstack accounts is required, they can be set up as different configuration profiles. For example: openstack1: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' openstack2: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.2:5000/v2.0/' With this configuration in place, any of the keystone functions can make use of a configuration profile by declaring it explicitly. For example: salt '*' keystone.tenant_list profile=openstack1
|
Returns the API version derived from endpoint's response.
CLI Example:
salt '*' keystone.api_version
Set up keystone credentials. Only intended to be used within Keystone-enabled modules.
CLI Example:
salt '*' keystone.auth
Create EC2-compatible credentials for user per tenant
CLI Examples:
salt '*' keystone.ec2_credentials_create name=admin tenant=admin salt '*' keystone.ec2_credentials_create user_id=c965f79c4f864eaaa9c3b41904e67082 tenant_id=722787eb540849158668370dc627ec5f
Delete EC2-compatible credentials
CLI Examples:
salt '*' keystone.ec2_credentials_delete 860f8c2c38ca4fab989f9bc56a061a64 access_key=5f66d2f24f604b8bb9cd28886106f442 salt '*' keystone.ec2_credentials_delete name=admin access_key=5f66d2f24f604b8bb9cd28886106f442
Return ec2_credentials for a user (keystone ec2-credentials-get)
CLI Examples:
salt '*' keystone.ec2_credentials_get c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370 salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370 salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f
Return a list of ec2_credentials for a specific user (keystone ec2-credentials-list)
CLI Examples:
salt '*' keystone.ec2_credentials_list 298ce377245c4ec9b70e1c639c89e654 salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654 salt '*' keystone.ec2_credentials_list name=jack
Create an endpoint for an Openstack service
CLI Examples:
salt 'v2' keystone.endpoint_create nova 'http://public/url' 'http://internal/url' 'http://adminurl/url' region salt 'v3' keystone.endpoint_create nova url='http://public/url' interface='public' region='RegionOne'
Delete endpoints of an Openstack service
CLI Examples:
salt 'v2' keystone.endpoint_delete nova [region=RegionOne] salt 'v3' keystone.endpoint_delete nova interface=admin [region=RegionOne]
Return a specific endpoint (keystone endpoint-get)
CLI Example:
salt 'v2' keystone.endpoint_get nova [region=RegionOne] salt 'v3' keystone.endpoint_get nova interface=admin [region=RegionOne]
Return a list of available endpoints (keystone endpoints-list)
CLI Example:
salt '*' keystone.endpoint_list
Create a keystone project. Overrides keystone tenant_create form api V2. For keystone api V3.
New in version 2016.11.0.
CLI Examples:
salt '*' keystone.project_create nova default description='Nova Compute Project' salt '*' keystone.project_create test default enabled=False
Delete a project (keystone project-delete). Overrides keystone tenant-delete form api V2. For keystone api V3 only.
New in version 2016.11.0.
CLI Examples:
salt '*' keystone.project_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.project_delete project_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.project_delete name=demo
Return a specific projects (keystone project-get) Overrides keystone tenant-get form api V2. For keystone api V3 only.
New in version 2016.11.0.
CLI Examples:
salt '*' keystone.project_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.project_get project_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.project_get name=nova
Return a list of available projects (keystone projects-list). Overrides keystone tenants-list form api V2. For keystone api V3 only.
New in version 2016.11.0.
CLI Example:
salt '*' keystone.project_list
Update a tenant's information (keystone project-update) The following fields may be updated: name, description, enabled. Can only update name if targeting by ID
Overrides keystone tenant_update form api V2. For keystone api V3 only.
New in version 2016.11.0.
CLI Examples:
salt '*' keystone.project_update name=admin enabled=True salt '*' keystone.project_update c965f79c4f864eaaa9c3b41904e67082 name=admin [email protected]
Create a named role.
CLI Example:
salt '*' keystone.role_create admin
Delete a role (keystone role-delete)
CLI Examples:
salt '*' keystone.role_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_delete name=admin
Return a specific roles (keystone role-get)
CLI Examples:
salt '*' keystone.role_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_get name=nova
Return a list of available roles (keystone role-list)
CLI Example:
salt '*' keystone.role_list
Add service to Keystone service catalog
CLI Examples:
salt '*' keystone.service_create nova compute 'OpenStack Compute Service'
Delete a service from Keystone service catalog
CLI Examples:
salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.service_delete name=nova
Return a specific services (keystone service-get)
CLI Examples:
salt '*' keystone.service_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.service_get name=nova
Return a list of available services (keystone services-list)
CLI Example:
salt '*' keystone.service_list
Create a keystone tenant
CLI Examples:
salt '*' keystone.tenant_create nova description='nova tenant' salt '*' keystone.tenant_create test enabled=False
Delete a tenant (keystone tenant-delete)
CLI Examples:
salt '*' keystone.tenant_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_delete name=demo
Return a specific tenants (keystone tenant-get)
CLI Examples:
salt '*' keystone.tenant_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_get name=nova
Return a list of available tenants (keystone tenants-list)
CLI Example:
salt '*' keystone.tenant_list
Update a tenant's information (keystone tenant-update) The following fields may be updated: name, description, enabled. Can only update name if targeting by ID
CLI Examples:
salt '*' keystone.tenant_update name=admin enabled=True salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin [email protected]
Return the configured tokens (keystone token-get)
CLI Example:
salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082
Create a user (keystone user-create)
CLI Examples:
salt '*' keystone.user_create name=jack password=zero [email protected] tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True
Delete a user (keystone user-delete)
CLI Examples:
salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_delete name=nova
Return a specific users (keystone user-get)
CLI Examples:
salt '*' keystone.user_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_get name=nova
Return a list of available users (keystone user-list)
CLI Example:
salt '*' keystone.user_list
Update a user's password (keystone user-password-update)
CLI Examples:
salt '*' keystone.user_password_update c965f79c4f864eaaa9c3b41904e67082 password=12345 salt '*' keystone.user_password_update user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345 salt '*' keystone.user_password_update name=nova password=12345
Add role for user in tenant (keystone user-role-add)
CLI Examples:
salt '*' keystone.user_role_add user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4 salt '*' keystone.user_role_add user=admin tenant=admin role=admin
Return a list of available user_roles (keystone user-roles-list)
CLI Examples:
salt '*' keystone.user_role_list user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b salt '*' keystone.user_role_list user_name=admin tenant_name=admin
Remove role for user in tenant (keystone user-role-remove)
CLI Examples:
salt '*' keystone.user_role_remove user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4 salt '*' keystone.user_role_remove user=admin tenant=admin role=admin
Update a user's information (keystone user-update) The following fields may be updated: name, email, enabled, tenant. Because the name is one of the fields, a valid user id is required.
CLI Examples:
salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname [email protected]
Verify a user's password
CLI Examples:
salt '*' keystone.user_verify_password name=test password=foobar salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar
© 2019 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.keystone.html