D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
saltstack
/
salt
/
lib
/
python3.10
/
site-packages
/
salt
/
states
/
Filename :
keystone_role_grant.py
back
Copy
""" Management of OpenStack Keystone Role Grants ============================================ .. versionadded:: 2018.3.0 :depends: shade :configuration: see :py:mod:`salt.modules.keystoneng` for setup instructions Example States .. code-block:: yaml create group: keystone_group.present: - name: group1 delete group: keystone_group.absent: - name: group1 create group with optional params: keystone_group.present: - name: group1 - domain: domain1 - description: 'my group' """ __virtualname__ = "keystone_role_grant" def __virtual__(): if "keystoneng.role_grant" in __salt__: return __virtualname__ return ( False, "The keystoneng execution module failed to load: shade python module is not" " available", ) def _get_filters(kwargs): role_kwargs = {"name": kwargs.pop("role")} if "role_domain" in kwargs: domain = __salt__["keystoneng.get_entity"]( "domain", name=kwargs.pop("role_domain") ) if domain: role_kwargs["domain_id"] = domain.id if hasattr(domain, "id") else domain role = __salt__["keystoneng.role_get"](**role_kwargs) kwargs["name"] = role filters = {"role": role.id if hasattr(role, "id") else role} if "domain" in kwargs: domain = __salt__["keystoneng.get_entity"]("domain", name=kwargs.pop("domain")) kwargs["domain"] = filters["domain"] = ( domain.id if hasattr(domain, "id") else domain ) if "project" in kwargs: project_kwargs = {"name": kwargs.pop("project")} if "project_domain" in kwargs: domain = __salt__["keystoneng.get_entity"]( "domain", name=kwargs.pop("project_domain") ) if domain: project_kwargs["domain_id"] = domain.id project = __salt__["keystoneng.get_entity"]("project", **project_kwargs) kwargs["project"] = project filters["project"] = project.id if hasattr(project, "id") else project if "user" in kwargs: user_kwargs = {"name": kwargs.pop("user")} if "user_domain" in kwargs: domain = __salt__["keystoneng.get_entity"]( "domain", name=kwargs.pop("user_domain") ) if domain: user_kwargs["domain_id"] = domain.id user = __salt__["keystoneng.get_entity"]("user", **user_kwargs) kwargs["user"] = user filters["user"] = user.id if hasattr(user, "id") else user if "group" in kwargs: group_kwargs = {"name": kwargs["group"]} if "group_domain" in kwargs: domain = __salt__["keystoneng.get_entity"]( "domain", name=kwargs.pop("group_domain") ) if domain: group_kwargs["domain_id"] = domain.id group = __salt__["keystoneng.get_entity"]("group", **group_kwargs) kwargs["group"] = group filters["group"] = group.id if hasattr(group, "id") else group return filters, kwargs def present(name, auth=None, **kwargs): ret = {"name": name, "changes": {}, "result": True, "comment": ""} __salt__["keystoneng.setup_clouds"](auth) if "role" not in kwargs: kwargs["role"] = name filters, kwargs = _get_filters(kwargs) grants = __salt__["keystoneng.role_assignment_list"](filters=filters) if not grants: __salt__["keystoneng.role_grant"](**kwargs) for k, v in filters.items(): ret["changes"][k] = v ret["comment"] = "Granted role assignment" return ret def absent(name, auth=None, **kwargs): ret = {"name": name, "changes": {}, "result": True, "comment": ""} __salt__["keystoneng.setup_clouds"](auth) if "role" not in kwargs: kwargs["role"] = name filters, kwargs = _get_filters(kwargs) grants = __salt__["keystoneng.role_assignment_list"](filters=filters) if grants: __salt__["keystoneng.role_revoke"](**kwargs) for k, v in filters.items(): ret["changes"][k] = v ret["comment"] = "Revoked role assignment" return ret