From c66491c07648bb1e8300c10e9c7cb073e49e4b95 Mon Sep 17 00:00:00 2001 From: David Shrewsbury Date: Tue, 20 Oct 2015 13:29:41 -0400 Subject: [PATCH] Add OpenStack Keystone User module This is a replacement for PR #1598 and fixes #283 --- .../{keystone_user.py => _keystone_user.py} | 1 + .../modules/cloud/openstack/os_user.py | 178 ++++++++++++++++++ 2 files changed, 179 insertions(+) rename lib/ansible/modules/cloud/openstack/{keystone_user.py => _keystone_user.py} (99%) create mode 100644 lib/ansible/modules/cloud/openstack/os_user.py diff --git a/lib/ansible/modules/cloud/openstack/keystone_user.py b/lib/ansible/modules/cloud/openstack/_keystone_user.py similarity index 99% rename from lib/ansible/modules/cloud/openstack/keystone_user.py rename to lib/ansible/modules/cloud/openstack/_keystone_user.py index babcc3cc56..48cc87b241 100644 --- a/lib/ansible/modules/cloud/openstack/keystone_user.py +++ b/lib/ansible/modules/cloud/openstack/_keystone_user.py @@ -21,6 +21,7 @@ DOCUMENTATION = ''' --- module: keystone_user version_added: "1.2" +deprecated: Deprecated in 2.0. Use os_user instead short_description: Manage OpenStack Identity (keystone) users, tenants and roles description: - Manage users,tenants, roles from OpenStack. diff --git a/lib/ansible/modules/cloud/openstack/os_user.py b/lib/ansible/modules/cloud/openstack/os_user.py new file mode 100644 index 0000000000..79c315c959 --- /dev/null +++ b/lib/ansible/modules/cloud/openstack/os_user.py @@ -0,0 +1,178 @@ +#!/usr/bin/python +# Copyright (c) 2015 Hewlett-Packard Development Company, L.P. +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see . + + +try: + import shade + HAS_SHADE = True +except ImportError: + HAS_SHADE = False + +DOCUMENTATION = ''' +--- +module: os_user +short_description: Manage OpenStack Identity Users +extends_documentation_fragment: openstack +version_added: "2.0" +description: + - Manage OpenStack Identity users. Users can be created, + updated or deleted using this module. A user will be updated + if I(name) matches an existing user and I(state) is present. + The value for I(name) cannot be updated without deleting and + re-creating the user. +options: + name: + description: + - Username for the user + required: true + password: + description: + - Password for the user + required: true + email: + description: + - Email address for the user + required: false + default: None + default_project: + description: + - Project name or ID that the user should be associated with by default + required: false + default: None + domain: + description: + - Domain to create the user in if the cloud supports domains + required: false + default: None + enabled: + description: + - Is the user enabled + required: false + default: True + state: + description: + - Should the resource be present or absent. + choices: [present, absent] + default: present +requirements: + - "python >= 2.6" + - "shade" +''' + +EXAMPLES = ''' +# Create a user +- os_user: + cloud: mycloud + state: present + name: demouser + password: secret + email: demo@example.com + domain: default + default_project: demo + +# Delete a user +- os_user: + cloud: mycloud + state: absent + name: demouser +''' + + +def _needs_update(module, user): + keys = ('email', 'default_project', 'domain', 'enabled') + for key in keys: + if module.params[key] is not None and module.params[key] != user.get(key): + return True + + # We don't get password back in the user object, so assume any supplied + # password is a change. + if module.params['password'] is not None: + return True + + return False + +def main(): + + argument_spec = openstack_full_argument_spec( + name=dict(required=True), + password=dict(required=False, default=None), + email=dict(required=False, default=None), + default_project=dict(required=False, default=None), + domain=dict(required=False, default=None), + enabled=dict(default=True, type='bool'), + state=dict(default='present', choices=['absent', 'present']), + ) + + module_kwargs = openstack_module_kwargs() + module = AnsibleModule(argument_spec, **module_kwargs) + + if not HAS_SHADE: + module.fail_json(msg='shade is required for this module') + + name = module.params['name'] + password = module.params['password'] + email = module.params['email'] + default_project = module.params['default_project'] + domain = module.params['domain'] + enabled = module.params['enabled'] + state = module.params['state'] + + try: + cloud = shade.openstack_cloud(**module.params) + user = cloud.get_user(name) + + project_id = None + if default_project: + project = cloud.get_project(default_project) + if not project: + module.fail_json(msg='Default project %s is not valid' % default_project) + project_id = project['id'] + + if state == 'present': + if user is None: + user = cloud.create_user( + name=name, password=password, email=email, + default_project=default_project, domain_id=domain, + enabled=enabled) + changed = True + else: + if _needs_update(module, user): + user = cloud.update_user( + user['id'], password=password, email=email, + default_project=project_id, domain_id=domain, + enabled=enabled) + changed = True + else: + changed = False + module.exit_json(changed=changed, user=user) + + elif state == 'absent': + if user is None: + changed=False + else: + cloud.delete_user(user['id']) + changed=True + module.exit_json(changed=changed) + + except shade.OpenStackCloudException as e: + module.fail_json(msg=e.message, extra_data=e.extra_data) + +from ansible.module_utils.basic import * +from ansible.module_utils.openstack import * + + +if __name__ == '__main__': + main()