diff --git a/salt/modules/keystone.py b/salt/modules/keystone.py index 26b05c792d..15a0a367da 100644 --- a/salt/modules/keystone.py +++ b/salt/modules/keystone.py @@ -509,10 +509,11 @@ def user_delete(user_id=None, name=None): def user_update(user_id=None, name=None, email=None, - enabled=None): + enabled=None, + tenant=None): ''' Update a user's information (keystone user-update) - The following fields may be updated: name, email, enabled. + The following fields may be updated: name, email, enabled, tenant. Because the name is one of the fields, a valid user id is required. CLI Examples: @@ -539,6 +540,12 @@ def user_update(user_id=None, if enabled is None: enabled = user.enabled kstone.users.update(user=user_id, name=name, email=email, enabled=enabled) + if tenant: + for t in kstone.tenants.list(): + if t.name == tenant: + tenant_id = t.id + break + kstone.users.update_tenant(user_id, tenant_id) ret = 'Info updated for user ID {0}'.format(user_id) return ret diff --git a/salt/states/keystone.py b/salt/states/keystone.py index a14ff84360..1d66059661 100644 --- a/salt/states/keystone.py +++ b/salt/states/keystone.py @@ -31,7 +31,7 @@ def __virtual__(): def user_present(name, password, email, - tenant_id=None, + tenant=None, enabled=True): ''' Ensure that the keystone user is present with the specified properties. 
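Review bot: In `user_update` (salt/modules/keystone.py), `tenant_id` is assigned only when an entry from `kstone.tenants.list()` matches, so an unknown tenant name reaches `kstone.users.update_tenant(user_id, tenant_id)` with the name unbound and raises. By then `kstone.users.update(...)` has already run, so name, email and enabled are changed while the tenant assignment fails, leaving the account half-updated. Tenant membership scopes what the user can reach, so the name should be resolved and checked before any change is applied. On failure, return an error the caller can test for; the state code in this commit checks for an `'Error'` key, and the message text below is only a suggestion. The function body starts above this hunk.

```python
    # … unchanged: user lookup and name/email/enabled defaults …
    tenant_id = None
    if tenant:
        for t in kstone.tenants.list():
            if t.name == tenant:
                tenant_id = t.id
                break
        if tenant_id is None:
            return {'Error': 'Unable to resolve tenant id'}
    kstone.users.update(user=user_id, name=name, email=email, enabled=enabled)
    if tenant_id is not None:
        kstone.users.update_tenant(user_id, tenant_id)
```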
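Review bot: Renaming the `user_present` keyword from `tenant_id` to `tenant` (salt/states/keystone.py) changes the state's interface with no fallback, so existing SLS data that still passes `tenant_id` will no longer set the tenant. Depending on how the state loader treats unknown arguments, this may happen without any failure. The docstring should say that the value is now a tenant name rather than an id, e.g. `The tenant name for this user (replaces tenant_id)`, and the rename deserves a release-note entry. The function body continues outside this hunk.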
@@ -45,30 +45,48 @@ def user_present(name, email The email address for this user - tenant_id - The tenant id for this user + tenant + The tenant for this user + + enabled + Availability state for this user ''' ret = {'name': name, 'changes': {}, 'result': True, - 'comment': 'Keystone user {0} is already present'.format(name)} + 'comment': 'User "{0}" is already present'.format(name)} + + # Validate tenant if set + if tenant is not None: + tenantdata = __salt__['keystone.tenant_get'](name=tenant) + if 'Error' in tenantdata: + ret['result'] = False + ret['comment'] = 'Tenant "{0}" does not exist'.format(tenant) + return ret + tenant_id = tenantdata[tenant]['id'] + else: + tenant_id = None # Check if user is already present user = __salt__['keystone.user_get'](name=name) if 'Error' not in user: if user[name]['email'] != email: __salt__['keystone.user_update'](name=name, email=email) - ret['comment'] = 'Keystone user {0} has been updated'.format(name) + ret['comment'] = 'User "{0}" has been updated'.format(name) ret['changes']['Email'] = 'Updated' if user[name]['enabled'] != enabled: __salt__['keystone.user_update'](name=name, enabled=enabled) - ret['comment'] = 'Keystone user {0} has been updated'.format(name) + ret['comment'] = 'User "{0}" has been updated'.format(name) ret['changes']['Enabled'] = 'Now {0}'.format(enabled) + if user[name]['tenant_id'] != tenant_id: + __salt__['keystone.user_update'](name=name, tenant=tenant) + ret['comment'] = 'User "{0}" has been updated'.format(name) + ret['changes']['Tenant'] = 'Added to "{0}" tenant'.format(tenant) if not __salt__['keystone.user_verify_password'](name=name, password=password): __salt__['keystone.user_password_update'](name=name, password=password) - ret['comment'] = 'Keystone user {0} has been updated'.format(name) + ret['comment'] = 'User "{0}" has been updated'.format(name) ret['changes']['Password'] = 'Updated' else: # Create that user! 
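Review bot: The new comparison `if user[name]['tenant_id'] != tenant_id:` also fires when `tenant` is not given: `tenant_id` is then None, so any user that already has a tenant is reported as changed with `Added to "None" tenant` on every run, although `user_update(tenant=None)` skips the tenant call. Guard it with `if tenant is not None and user[name].get('tenant_id') != tenant_id:`; `.get` also avoids a KeyError if `keystone.user_get` omits the key, which is not visible here. The result of `keystone.user_update` is not checked either, so a failed tenant change would still be reported as a success, as with the other update calls in this block. The create branch lies outside the hunk.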
@@ -93,14 +111,14 @@ def user_absent(name): ret = {'name': name, 'changes': {}, 'result': True, - 'comment': 'Keystone user {0} is already absent'.format(name)} + 'comment': 'User "{0}" is already absent'.format(name)} # Check if user is present user = __salt__['keystone.user_get'](name=name) if 'Error' not in user: # Delete that user! __salt__['keystone.user_delete'](name=name) - ret['comment'] = 'Keystone user {0} has been deleted'.format(name) + ret['comment'] = 'User "{0}" has been deleted'.format(name) ret['changes']['User'] = 'Deleted' return ret @@ -109,11 +127,20 @@ def user_absent(name): def tenant_present(name, description=None, enabled=True): '''' Ensures that the keystone tenant exists + + name + The name of the tenant to manage + + description + The description to use for this tenant + + enabled + Availability state for this tenant ''' ret = {'name': name, 'changes': {}, 'result': True, - 'comment': 'Keystone tenant {0} already exists'.format(name)} + 'comment': 'Tenant "{0}" already exists'.format(name)} # Check if user is already present tenant = __salt__['keystone.tenant_get'](name=name) 
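Review bot: The docstring of `tenant_present` still opens with four quotes (`''''`), so its text starts with a stray `'`; since this hunk extends the docstring, the opener should become `'''`. The comment `# Check if user is already present` just below refers to the wrong object and should read `# Check if tenant is already present`.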
@@ -121,18 +148,18 @@ def tenant_present(name, description=None, enabled=True): if 'Error' not in tenant: if tenant[name]['description'] != description: __salt__['keystone.tenant_update'](name, description, enabled) - comment = 'Keystone tenant {0} has been updated'.format(name) + comment = 'Tenant "{0}" has been updated'.format(name) ret['comment'] = comment ret['changes']['Description'] = 'Updated' if tenant[name]['enabled'] != enabled: __salt__['keystone.tenant_update'](name, description, enabled) - comment = 'Keystone tenant {0} has been updated'.format(name) + comment = 'Tenant "{0}" has been updated'.format(name) ret['comment'] = comment ret['changes']['Enabled'] = 'Now {0}'.format(enabled) else: # Create tenant __salt__['keystone.tenant_create'](name, description, enabled) - ret['comment'] = 'Keystone tenant {0} has been added'.format(name) + ret['comment'] = 'Tenant "{0}" has been added'.format(name) ret['changes']['Tenant'] = 'Created' return ret @@ -147,14 +174,14 @@ def tenant_absent(name): ret = {'name': name, 'changes': {}, 'result': True, - 'comment': 'Keystone tenant {0} is already absent'.format(name)} + 'comment': 'Tenant "{0}" is already absent'.format(name)} # Check if tenant is present tenant = __salt__['keystone.tenant_get'](name=name) if 'Error' not in tenant: # Delete tenant __salt__['keystone.tenant_delete'](name=name) - ret['comment'] = 'Keystone tenant {0} has been deleted'.format(name) + ret['comment'] = 'Tenant "{0}" has been deleted'.format(name) ret['changes']['Tenant'] = 'Deleted' return ret