salt.modules.keystone

Module for handling openstack keystone calls.

optdepends:
  • keystoneclient Python adapter
configuration:

This module is not usable until the following are specified either in a pillar or in the minion's config file:

keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'

OR (for token based authentication)

keystone.token: 'ADMIN'
keystone.endpoint: 'http://127.0.0.1:35357/v2.0'

If configuration for multiple openstack accounts is required, they can be set up as different configuration profiles. For example:

openstack1:
  keystone.user: admin
  keystone.password: verybadpass
  keystone.tenant: admin
  keystone.tenant_id: f80919baedab48ec8931f200c65a50df
  keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'

openstack2:
  keystone.user: admin
  keystone.password: verybadpass
  keystone.tenant: admin
  keystone.tenant_id: f80919baedab48ec8931f200c65a50df
  keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'

With this configuration in place, any of the keystone functions can make use of a configuration profile by declaring it explicitly. For example:

salt '*' keystone.tenant_list profile=openstack1
salt.modules.keystone.auth(profile=None, **connection_args)

Set up keystone credentials. Only intended to be used within Keystone-enabled modules.

CLI Example:

salt '*' keystone.auth
salt.modules.keystone.ec2_credentials_create(user_id=None, name=None, tenant_id=None, tenant=None, profile=None, **connection_args)

Create EC2-compatible credentials for user per tenant

CLI Examples:

salt '*' keystone.ec2_credentials_create name=admin tenant=admin
salt '*' keystone.ec2_credentials_create user_id=c965f79c4f864eaaa9c3b41904e67082 tenant_id=722787eb540849158668370dc627ec5f
salt.modules.keystone.ec2_credentials_delete(user_id=None, name=None, access_key=None, profile=None, **connection_args)

Delete EC2-compatible credentials

CLI Examples:

salt '*' keystone.ec2_credentials_delete 860f8c2c38ca4fab989f9bc56a061a64 access_key=5f66d2f24f604b8bb9cd28886106f442
salt '*' keystone.ec2_credentials_delete name=admin access_key=5f66d2f24f604b8bb9cd28886106f442
salt.modules.keystone.ec2_credentials_get(user_id=None, name=None, access=None, profile=None, **connection_args)

Return ec2_credentials for a user (keystone ec2-credentials-get)

CLI Examples:

salt '*' keystone.ec2_credentials_get c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f
salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f
salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f
salt.modules.keystone.ec2_credentials_list(user_id=None, name=None, profile=None, **connection_args)

Return a list of ec2_credentials for a specific user (keystone ec2-credentials-list)

CLI Examples:

salt '*' keystone.ec2_credentials_list 298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list name=jack
salt.modules.keystone.endpoint_create(service, publicurl=None, internalurl=None, adminurl=None, region=None, profile=None, **connection_args)

Create an endpoint for an Openstack service

CLI Examples:

salt '*' keystone.endpoint_create nova 'http://public/url'
    'http://internal/url' 'http://adminurl/url' region
salt.modules.keystone.endpoint_delete(service, profile=None, **connection_args)

Delete endpoints of an Openstack service

CLI Examples:

salt '*' keystone.endpoint_delete nova
salt.modules.keystone.endpoint_get(service, profile=None, **connection_args)

Return a specific endpoint (keystone endpoint-get)

CLI Example:

salt '*' keystone.endpoint_get nova
salt.modules.keystone.endpoint_list(profile=None, **connection_args)

Return a list of available endpoints (keystone endpoints-list)

CLI Example:

salt '*' keystone.endpoint_list
salt.modules.keystone.role_create(name, profile=None, **connection_args)

Create a named role.

CLI Example:

salt '*' keystone.role_create admin
salt.modules.keystone.role_delete(role_id=None, name=None, profile=None, **connection_args)

Delete a role (keystone role-delete)

CLI Examples:

salt '*' keystone.role_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete name=admin
salt.modules.keystone.role_get(role_id=None, name=None, profile=None, **connection_args)

Return a specific roles (keystone role-get)

CLI Examples:

salt '*' keystone.role_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get name=nova
salt.modules.keystone.role_list(profile=None, **connection_args)

Return a list of available roles (keystone role-list)

CLI Example:

salt '*' keystone.role_list
salt.modules.keystone.service_create(name, service_type, description=None, profile=None, **connection_args)

Add service to Keystone service catalog

CLI Examples:

salt '*' keystone.service_create nova compute 'OpenStack Compute Service'
salt.modules.keystone.service_delete(service_id=None, name=None, profile=None, **connection_args)

Delete a service from Keystone service catalog

CLI Examples:

salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_delete name=nova
salt.modules.keystone.service_get(service_id=None, name=None, profile=None, **connection_args)

Return a specific services (keystone service-get)

CLI Examples:

salt '*' keystone.service_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get name=nova
salt.modules.keystone.service_list(profile=None, **connection_args)

Return a list of available services (keystone services-list)

CLI Example:

salt '*' keystone.service_list
salt.modules.keystone.tenant_create(name, description=None, enabled=True, profile=None, **connection_args)

Create a keystone tenant

CLI Examples:

salt '*' keystone.tenant_create nova description='nova tenant'
salt '*' keystone.tenant_create test enabled=False
salt.modules.keystone.tenant_delete(tenant_id=None, name=None, profile=None, **connection_args)

Delete a tenant (keystone tenant-delete)

CLI Examples:

salt '*' keystone.tenant_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete name=demo
salt.modules.keystone.tenant_get(tenant_id=None, name=None, profile=None, **connection_args)

Return a specific tenants (keystone tenant-get)

CLI Examples:

salt '*' keystone.tenant_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get name=nova
salt.modules.keystone.tenant_list(profile=None, **connection_args)

Return a list of available tenants (keystone tenants-list)

CLI Example:

salt '*' keystone.tenant_list
salt.modules.keystone.tenant_update(tenant_id=None, name=None, description=None, enabled=None, profile=None, **connection_args)

Update a tenant's information (keystone tenant-update) The following fields may be updated: name, email, enabled. Can only update name if targeting by ID

CLI Examples:

salt '*' keystone.tenant_update name=admin enabled=True
salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin email=admin@domain.com
salt.modules.keystone.token_get(profile=None, **connection_args)

Return the configured tokens (keystone token-get)

CLI Example:

salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082
salt.modules.keystone.user_create(name, password, email, tenant_id=None, enabled=True, profile=None, **connection_args)

Create a user (keystone user-create)

CLI Examples:

salt '*' keystone.user_create name=jack password=zero email=jack@halloweentown.org tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True
salt.modules.keystone.user_delete(user_id=None, name=None, profile=None, **connection_args)

Delete a user (keystone user-delete)

CLI Examples:

salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete name=nova
salt.modules.keystone.user_get(user_id=None, name=None, profile=None, **connection_args)

Return a specific users (keystone user-get)

CLI Examples:

salt '*' keystone.user_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get name=nova
salt.modules.keystone.user_list(profile=None, **connection_args)

Return a list of available users (keystone user-list)

CLI Example:

salt '*' keystone.user_list
salt.modules.keystone.user_password_update(user_id=None, name=None, password=None, profile=None, **connection_args)

Update a user's password (keystone user-password-update)

CLI Examples:

salt '*' keystone.user_password_update c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_password_update user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_password_update name=nova password=12345
salt.modules.keystone.user_role_add(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, profile=None, **connection_args)

Add role for user in tenant (keystone user-role-add)

CLI Examples:

salt '*' keystone.user_role_add user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_add user=admin tenant=admin role=admin
salt.modules.keystone.user_role_list(user_id=None, tenant_id=None, user_name=None, tenant_name=None, profile=None, **connection_args)

Return a list of available user_roles (keystone user-roles-list)

CLI Examples:

salt '*' keystone.user_role_list user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b
salt '*' keystone.user_role_list user_name=admin tenant_name=admin
salt.modules.keystone.user_role_remove(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, profile=None, **connection_args)

Remove role for user in tenant (keystone user-role-remove)

CLI Examples:

salt '*' keystone.user_role_remove user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_remove user=admin tenant=admin role=admin
salt.modules.keystone.user_update(user_id=None, name=None, email=None, enabled=None, tenant=None, profile=None, **connection_args)

Update a user's information (keystone user-update) The following fields may be updated: name, email, enabled, tenant. Because the name is one of the fields, a valid user id is required.

CLI Examples:

salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname
salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname email=newemail@domain.com
salt.modules.keystone.user_verify_password(user_id=None, name=None, password=None, profile=None, **connection_args)

Verify a user's password

CLI Examples:

salt '*' keystone.user_verify_password name=test password=foobar
salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar