Moved to a list of users.

This was done because you can't easily put a dictionary key into a yaml file as a variable. That made it difficult to make the username dynamic. Also moved all the admin credentials to the main just like the other dynamic users.
hpcloud-mon · Apr 1, 2015 · 82c01b1 · 82c01b1
1 parent 82c1ed4
commit 82c01b1
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 44 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@ This role adds one or more users/projects/roles to Keystone, as specified in key
 
 ```
 keystone_users:
-  monasca-agent:
+  - username: monasca-agent
     password: some-password
     project: some-project
     role: monasca-agent

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,9 +1,9 @@
 keystone_url: http://127.0.0.1:35357/v2.0
 keystone_cacert_location: /var/tmp
 keystone_users:
-  monasca-agent:
+  - username: monasca-agent
     password: password
-    tenant: mini-mon
+    project: mini-mon
     role: monasca-agent
 keystone_service_script: /usr/local/bin/create_monasca_service.py
 monasca_api_url: http://localhost:8080/v2.0

diff --git a/templates/create_monasca_service.py.j2 b/templates/create_monasca_service.py.j2
@@ -3,23 +3,7 @@ from keystoneclient.v2_0 import client
 import sys
 
 
-def get_token(url, cacert):
-{% if keystone_admin is defined %}
-  username = '{{ keystone_admin }}'
-{% else %}
-  username = None
-{% endif %}
-{% if keystone_admin_password is defined %}
-  password = '{{ keystone_admin_password }}'
-{% else %}
-  password = None
-{% endif %}
-{% if keystone_admin_project is defined %}
-  tenant_name = '{{ keystone_admin_project }}'
-{% else %}
-  tenant_name = None
-{% endif %}
-
+def get_token(url, cacert, username, password, tenant_name):
   if not username or not password:
     print('If token is not given, keystone_admin and keystone_admin_password must be given', file=sys.stderr)
     return False
@@ -75,32 +59,32 @@ def get_role(key, role_name):
 
 def add_users(key, users):
   """Add the given users if they don't already exist"""
-  for user_name, attributes in users.iteritems():
-    if not get_user(key, user_name):
-      tenant_name = attributes['project']
+  for user in users:
+    if not get_user(key, user['username']):
+      tenant_name = user['project']
       tenant = get_tenant(key, tenant_name)
 
-      password = attributes['password']
-      if 'email' in attributes:
-        email = attributes['email']
+      password = user['password']
+      if 'email' in user:
+        email = user['email']
       else:
         email = None
 
-      user = key.users.create(name=user_name, password=password,
+      user = key.users.create(name=user['username'], password=password,
                               email=email, tenant_id=tenant.id)
   return True
 
 
 def add_user_roles(key, users):
   """Add the roles for the users if they don't already have them"""
-  for user_name, attributes in users.iteritems():
-    if not 'role' in attributes:
+  for user in users:
+    if not 'role' in user:
       continue;
-    role_name = attributes['role']
-    user = get_user(key, user_name)
-    tenant = get_tenant(key, attributes['project'])
+    role_name = user['role']
+    keystone_user = get_user(key, user['username'])
+    tenant = get_tenant(key, user['project'])
     existing = None
-    for role in key.roles.roles_for_user(user, tenant):
+    for role in key.roles.roles_for_user(keystone_user, tenant):
       if role.name == role_name:
          existing = role
          break
@@ -111,7 +95,7 @@ def add_user_roles(key, users):
     if not role:
       role = key.roles.create(role_name)
 
-    key.roles.add_user_role(user, role, tenant)
+    key.roles.add_user_role(keystone_user, role, tenant)
   return True
 
 def add_service_endpoint(key, name, description, type, url):
@@ -140,12 +124,7 @@ def add_monasca_service():
 
 def main():
   """ Get token if needed and then call methods to add tenants, users and roles """
-  users = {
-{% for username, attributes in keystone_users.iteritems() %}
-           '{{ username }}':
-                            {{ attributes }},
-{% endfor %}
-           }
+  users = {{keystone_users}}
 
   url = '{{ keystone_url_v2 }}'
 
@@ -160,15 +139,31 @@ def main():
 {% else %}
   cacert = None
 {% endif %}
+
   if not token:
-    token = get_token(url, cacert)
+{% if keystone_admin is defined %}
+    username = '{{ keystone_admin }}'
+{% else %}
+    username = None
+{% endif %}
+{% if keystone_admin_password is defined %}
+    password = '{{ keystone_admin_password }}'
+{% else %}
+    password = None
+{% endif %}
+{% if keystone_admin_project is defined %}
+    tenant_name = '{{ keystone_admin_project }}'
+{% else %}
+    tenant_name = None
+{% endif %}
+    token = get_token(url, cacert, username, password, tenant_name)
 
   key = client.Client(token=token, endpoint=url, cacert=cacert)
 
   tenants = []
-  for user, attributes in users.iteritems():
-    if 'project' in attributes and attributes['project'] not in tenants:
-       tenants.append(attributes['project'])
+  for user in users:
+    if 'project' in user and user['project'] not in tenants:
+       tenants.append(user['project'])
 
   if not add_tenants(key, tenants):
     return 1