salt.modules.keystone

Module for handling openstack keystone calls.

optdepends

keystoneclient Python adapter

configuration

This module is not usable until the following are specified either in a pillar or in the minion's config file:

keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
keystone.verify_ssl: True

OR (for token based authentication)

keystone.token: 'ADMIN'
keystone.endpoint: 'http://127.0.0.1:35357/v2.0'

If configuration for multiple openstack accounts is required, they can be set up as different configuration profiles. For example:

openstack1:
  keystone.user: admin
  keystone.password: verybadpass
  keystone.tenant: admin
  keystone.tenant_id: f80919baedab48ec8931f200c65a50df
  keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
  keystone.verify_ssl: True

openstack2:
  keystone.user: admin
  keystone.password: verybadpass
  keystone.tenant: admin
  keystone.tenant_id: f80919baedab48ec8931f200c65a50df
  keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
  keystone.verify_ssl: True

With this configuration in place, any of the keystone functions can make use of a configuration profile by declaring it explicitly. For example:

salt '*' keystone.tenant_list profile=openstack1

salt.modules.keystone.api_version(profile=None, **connection_args)

Returns the API version derived from endpoint's response.

CLI Example:

salt '*' keystone.api_version

salt.modules.keystone.auth(profile=None, **connection_args)

Set up keystone credentials. Only intended to be used within Keystone-enabled modules.

CLI Example:

salt '*' keystone.auth

salt.modules.keystone.ec2_credentials_create(user_id=None, name=None, tenant_id=None, tenant=None, profile=None, **connection_args)

Create EC2-compatible credentials for user per tenant

CLI Examples:

salt '*' keystone.ec2_credentials_create name=admin tenant=admin

salt '*' keystone.ec2_credentials_create         user_id=c965f79c4f864eaaa9c3b41904e67082         tenant_id=722787eb540849158668370dc627ec5f

salt.modules.keystone.ec2_credentials_delete(user_id=None, name=None, access_key=None, profile=None, **connection_args)

Delete EC2-compatible credentials

CLI Examples:

salt '*' keystone.ec2_credentials_delete         860f8c2c38ca4fab989f9bc56a061a64 access_key=5f66d2f24f604b8bb9cd28886106f442

salt '*' keystone.ec2_credentials_delete name=admin         access_key=5f66d2f24f604b8bb9cd28886106f442

salt.modules.keystone.ec2_credentials_get(user_id=None, name=None, access=None, profile=None, **connection_args)

Return ec2_credentials for a user (keystone ec2-credentials-get)

CLI Examples:

salt '*' keystone.ec2_credentials_get c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370
salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370
salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f

salt.modules.keystone.ec2_credentials_list(user_id=None, name=None, profile=None, **connection_args)

Return a list of ec2_credentials for a specific user (keystone ec2-credentials-list)

CLI Examples:

salt '*' keystone.ec2_credentials_list 298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list name=jack

salt.modules.keystone.endpoint_create(service, publicurl=None, internalurl=None, adminurl=None, region=None, profile=None, url=None, interface=None, **connection_args)

Create an endpoint for an Openstack service

CLI Examples:

salt 'v2' keystone.endpoint_create nova 'http://public/url' 'http://internal/url' 'http://adminurl/url' region

salt 'v3' keystone.endpoint_create nova url='http://public/url' interface='public' region='RegionOne'

salt.modules.keystone.endpoint_delete(service, region=None, profile=None, interface=None, **connection_args)

Delete endpoints of an Openstack service

CLI Examples:

salt 'v2' keystone.endpoint_delete nova [region=RegionOne]

salt 'v3' keystone.endpoint_delete nova interface=admin [region=RegionOne]

salt.modules.keystone.endpoint_get(service, region=None, profile=None, interface=None, **connection_args)

Return a specific endpoint (keystone endpoint-get)

CLI Example:

salt 'v2' keystone.endpoint_get nova [region=RegionOne]

salt 'v3' keystone.endpoint_get nova interface=admin [region=RegionOne]

salt.modules.keystone.endpoint_list(profile=None, **connection_args)

Return a list of available endpoints (keystone endpoints-list)

CLI Example:

salt '*' keystone.endpoint_list

salt.modules.keystone.project_create(name, domain, description=None, enabled=True, profile=None, **connection_args)

Create a keystone project. Overrides keystone tenant_create form api V2. For keystone api V3.

New in version 2016.11.0.

name: The project name, which must be unique within the owning domain.
domain: The domain name.
description: The project description.
enabled: Enables or disables the project.
profile: Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_create nova default description='Nova Compute Project'
salt '*' keystone.project_create test default enabled=False

salt.modules.keystone.project_delete(project_id=None, name=None, profile=None, **connection_args)

Delete a project (keystone project-delete). Overrides keystone tenant-delete form api V2. For keystone api V3 only.

New in version 2016.11.0.

project_id: The project id.
name: The project name.
profile: Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_delete project_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_delete name=demo

salt.modules.keystone.project_get(project_id=None, name=None, profile=None, **connection_args)

Return a specific projects (keystone project-get) Overrides keystone tenant-get form api V2. For keystone api V3 only.

New in version 2016.11.0.

project_id: The project id.
name: The project name.
profile: Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_get project_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.project_get name=nova

salt.modules.keystone.project_list(profile=None, **connection_args)

Return a list of available projects (keystone projects-list). Overrides keystone tenants-list form api V2. For keystone api V3 only.

New in version 2016.11.0.

profile: Configuration profile - if configuration for multiple openstack accounts required.

CLI Example:

salt '*' keystone.project_list

salt.modules.keystone.project_update(project_id=None, name=None, description=None, enabled=None, profile=None, **connection_args)

Update a tenant's information (keystone project-update) The following fields may be updated: name, description, enabled. Can only update name if targeting by ID

Overrides keystone tenant_update form api V2. For keystone api V3 only.

New in version 2016.11.0.

project_id: The project id.
name: The project name, which must be unique within the owning domain.
description: The project description.
enabled: Enables or disables the project.
profile: Configuration profile - if configuration for multiple openstack accounts required.

CLI Examples:

salt '*' keystone.project_update name=admin enabled=True
salt '*' keystone.project_update c965f79c4f864eaaa9c3b41904e67082 name=admin [email protected]

salt.modules.keystone.role_create(name, profile=None, **connection_args)

Create a named role.

CLI Example:

salt '*' keystone.role_create admin

salt.modules.keystone.role_delete(role_id=None, name=None, profile=None, **connection_args)

Delete a role (keystone role-delete)

CLI Examples:

salt '*' keystone.role_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete name=admin

salt.modules.keystone.role_get(role_id=None, name=None, profile=None, **connection_args)

Return a specific roles (keystone role-get)

CLI Examples:

salt '*' keystone.role_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get name=nova

salt.modules.keystone.role_list(profile=None, **connection_args)

Return a list of available roles (keystone role-list)

CLI Example:

salt '*' keystone.role_list

salt.modules.keystone.service_create(name, service_type, description=None, profile=None, **connection_args)

Add service to Keystone service catalog

CLI Examples:

salt '*' keystone.service_create nova compute 'OpenStack Compute Service'

salt.modules.keystone.service_delete(service_id=None, name=None, profile=None, **connection_args)

Delete a service from Keystone service catalog

CLI Examples:

salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_delete name=nova

salt.modules.keystone.service_get(service_id=None, name=None, profile=None, **connection_args)

Return a specific services (keystone service-get)

CLI Examples:

salt '*' keystone.service_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get name=nova

salt.modules.keystone.service_list(profile=None, **connection_args)

Return a list of available services (keystone services-list)

CLI Example:

salt '*' keystone.service_list

salt.modules.keystone.tenant_create(name, description=None, enabled=True, profile=None, **connection_args)

Create a keystone tenant

CLI Examples:

salt '*' keystone.tenant_create nova description='nova tenant'
salt '*' keystone.tenant_create test enabled=False

salt.modules.keystone.tenant_delete(tenant_id=None, name=None, profile=None, **connection_args)

Delete a tenant (keystone tenant-delete)

CLI Examples:

salt '*' keystone.tenant_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete name=demo

salt.modules.keystone.tenant_get(tenant_id=None, name=None, profile=None, **connection_args)

Return a specific tenants (keystone tenant-get)

CLI Examples:

salt '*' keystone.tenant_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get name=nova

salt.modules.keystone.tenant_list(profile=None, **connection_args)

Return a list of available tenants (keystone tenants-list)

CLI Example:

salt '*' keystone.tenant_list

salt.modules.keystone.tenant_update(tenant_id=None, name=None, description=None, enabled=None, profile=None, **connection_args)

Update a tenant's information (keystone tenant-update) The following fields may be updated: name, description, enabled. Can only update name if targeting by ID

CLI Examples:

salt '*' keystone.tenant_update name=admin enabled=True
salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin [email protected]

salt.modules.keystone.token_get(profile=None, **connection_args)

Return the configured tokens (keystone token-get)

CLI Example:

salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082

salt.modules.keystone.user_create(name, password, email, tenant_id=None, enabled=True, profile=None, project_id=None, description=None, **connection_args)

Create a user (keystone user-create)

CLI Examples:

salt '*' keystone.user_create name=jack password=zero [email protected]         tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True

salt.modules.keystone.user_delete(user_id=None, name=None, profile=None, **connection_args)

Delete a user (keystone user-delete)

CLI Examples:

salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete name=nova

salt.modules.keystone.user_get(user_id=None, name=None, profile=None, **connection_args)

Return a specific users (keystone user-get)

CLI Examples:

salt '*' keystone.user_get c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get name=nova

salt.modules.keystone.user_list(profile=None, **connection_args)

Return a list of available users (keystone user-list)

CLI Example:

salt '*' keystone.user_list

salt.modules.keystone.user_password_update(user_id=None, name=None, password=None, profile=None, **connection_args)

Update a user's password (keystone user-password-update)

CLI Examples:

salt '*' keystone.user_password_update c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_password_update user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_password_update name=nova password=12345

salt.modules.keystone.user_role_add(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, profile=None, project_id=None, project_name=None, **connection_args)

Add role for user in tenant (keystone user-role-add)

CLI Examples:

salt '*' keystone.user_role_add user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_add user=admin tenant=admin role=admin

salt.modules.keystone.user_role_list(user_id=None, tenant_id=None, user_name=None, tenant_name=None, profile=None, project_id=None, project_name=None, **connection_args)

Return a list of available user_roles (keystone user-roles-list)

CLI Examples:

salt '*' keystone.user_role_list user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b
salt '*' keystone.user_role_list user_name=admin tenant_name=admin

salt.modules.keystone.user_role_remove(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, profile=None, project_id=None, project_name=None, **connection_args)

Remove role for user in tenant (keystone user-role-remove)

CLI Examples:

salt '*' keystone.user_role_remove user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_remove user=admin tenant=admin role=admin

salt.modules.keystone.user_update(user_id=None, name=None, email=None, enabled=None, tenant=None, profile=None, project=None, description=None, **connection_args)

Update a user's information (keystone user-update) The following fields may be updated: name, email, enabled, tenant. Because the name is one of the fields, a valid user id is required.

CLI Examples:

salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname
salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname [email protected]

salt.modules.keystone.user_verify_password(user_id=None, name=None, password=None, profile=None, **connection_args)

Verify a user's password

CLI Examples:

salt '*' keystone.user_verify_password name=test password=foobar
salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar

© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.keystone.html