puppet-module-keystone 9.4.0-1 / usr / share / puppet / modules.available / keystone / manifests / endpoint.pp

# == Class: keystone::endpoint
#
# Creates the auth endpoints for keystone
#
# === Parameters
#
# [*public_url*]
#   (optional) Public url for keystone endpoint.
#   Defaults to 'http://127.0.0.1:5000'
#   This url should *not* contain any version or trailing '/'.
#
# [*internal_url*]
#   (optional) Internal url for keystone endpoint.
#   Defaults to $public_url
#   This url should *not* contain any version or trailing '/'.
#
# [*admin_url*]
#   (optional) Admin url for keystone endpoint.
#   Defaults to 'http://127.0.0.1:35357'
#   This url should *not* contain any version or trailing '/'.
#
# [*region*]
#   (optional) Region for endpoint. (Defaults to 'RegionOne')
#
# [*user_domain*]
#   (Optional) Domain for $auth_name
#   Defaults to undef (use the keystone server default domain)
#
# [*project_domain*]
#   (Optional) Domain for $tenant (project)
#   Defaults to undef (use the keystone server default domain)
#
# [*default_domain*]
#   (Optional) Domain for $auth_name and $tenant (project)
#   If keystone_user_domain is not specified, use $keystone_default_domain
#   If keystone_project_domain is not specified, use $keystone_default_domain
#   Defaults to undef
#
# [*version*]
#   (optional) API version for endpoint.
#   Defaults to 'v2.0'. Valid values are 'v2.0', 'v3', or the empty string ''.
#   If the version is set to the empty string (''), then it won't be
#   used. This is the expected behaviour since Keystone V3 handles API versions
#   from the context.
#
# === Examples
#
#  class { 'keystone::endpoint':
#    public_url   => 'https://154.10.10.23:5000',
#    internal_url => 'https://11.0.1.7:5000',
#    admin_url    => 'https://10.0.1.7:35357',
#  }
#
class keystone::endpoint (
  $public_url        = 'http://127.0.0.1:5000',
  $internal_url      = undef,
  $admin_url         = 'http://127.0.0.1:35357',
  $region            = 'RegionOne',
  $user_domain       = undef,
  $project_domain    = undef,
  $default_domain    = undef,
  $version           = 'unset', # defaults to 'v2.0' if unset by user
) {

  include ::keystone::deps

  if $version == 'unset' {
    # $version will be set to empty '' once tempest & all openstack clients
    # actually support versionless endpoints.
    # See ongoing work in Tempest:
    # https://review.openstack.org/#/q/status:open+project:openstack/tempest-lib+branch:master+topic:bug/1530181
    # Until that, we need to set a version by default.
    $_version = 'v2.0'
  } else {
    $_version = $version
  }
  if empty($_version) {
    $admin_url_real =  $admin_url
    $public_url_real = $public_url

    if $internal_url {
      $internal_url_real = $internal_url
    }
    else {
      $internal_url_real = $public_url
    }
  }
  else {
    $public_url_real = "${public_url}/${_version}"
    $admin_url_real = "${admin_url}/${_version}"

    if $internal_url {
      $internal_url_real = "${internal_url}/${_version}"
    }
    else {
      $internal_url_real = "${public_url}/${_version}"
    }
  }

  keystone::resource::service_identity { 'keystone':
    configure_user      => false,
    configure_user_role => false,
    service_type        => 'identity',
    service_description => 'OpenStack Identity Service',
    public_url          => $public_url_real,
    admin_url           => $admin_url_real,
    internal_url        => $internal_url_real,
    region              => $region,
    user_domain         => $user_domain,
    project_domain      => $project_domain,
    default_domain      => $default_domain,
  }
  Keystone::Resource::Service_identity['keystone'] ->  File<| tag == 'openrc' |>
}