1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
require 'json'
require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/keystone')
class Puppet::Error::OpenstackDuplicateRemoteId < Puppet::Error; end
Puppet::Type.type(:keystone_identity_provider).provide(
:openstack,
:parent => Puppet::Provider::Keystone
) do
desc 'Provider to manage keystone identity provider.'
@credentials = Puppet::Provider::Openstack::CredentialsV3.new
mk_resource_methods
def create
properties = []
remote_ids = []
remote_id_file = []
option_enable = '--enable'
remote_ids += resource[:remote_ids] if resource[:remote_ids]
remote_id_file += ['--remote-id-file', resource[:remote_id_file]] if
resource[:remote_id_file]
properties += self.class.remote_ids_cli(remote_ids)
properties += remote_id_file
option_enable = '--disable' if resource[:enabled] == :false
properties << option_enable
properties += ['--description', resource[:description]] if
resource[:description]
properties << resource[:name]
@property_hash = self.class.system_request('identity provider',
'create',
properties)
rescue Puppet::ExecutionFailure => e
if e.message =~
/openstack Conflict occurred attempting to store identity_provider/
raise(Puppet::Error::OpenstackDuplicateRemoteId,
'One of the remote-id of this resource is already ' \
'registered by another identity provider: ' \
"#{e.message}")
else
raise e
end
else
@property_hash[:ensure] = :present
end
def destroy
self.class.system_request('identity provider', 'delete', id)
@property_hash.clear
end
def exists?
@property_hash[:ensure] == :present
end
def self.instances
list = system_request('identity provider', 'list')
list.collect do |identity_provider|
current_resource =
system_request('identity provider', 'show', identity_provider[:id])
new(
:name => identity_provider[:id],
:id => identity_provider[:id],
:description => identity_provider[:description],
:enabled => identity_provider[:enabled].downcase.chomp == 'true' ? true : false,
:remote_ids => clean_remote_ids(current_resource[:remote_ids]),
:ensure => :present
)
end
end
def self.prefetch(resources)
identity_providers = instances
resources.keys.each do |name|
if provider = identity_providers.find { |existing| existing.name == name }
resources[name].provider = provider
end
end
end
# puppetlabs/PUP-1470: to be removed when puppet 3.5 is no longer supported.
def enabled
if @property_hash[:enabled].nil?
:absent
else
@property_hash[:enabled]
end
end
def enabled=(value)
options = value == :false ? ['--disable'] : ['--enable']
options << id
self.class.system_request('identity provider', 'set', options)
end
def remote_ids=(value)
options = []
options += self.class.remote_ids_cli(value)
self.class.system_request('identity provider', 'set', options + [id]) unless
options.empty?
end
def remote_id_file=(value)
options = ['--remote-id-file', value]
self.class.system_request('identity provider', 'set', options + [id])
end
def remote_id_file
remote_ids
end
def self.clean_remote_ids(remote_ids)
remote_ids.split(',').map(&:strip)
end
def self.remote_ids_cli(remote_ids)
remote_ids.map { |e| ['--remote-id', e.to_s] }.flatten
end
end
|
