1""" 2Keystone module for interacting with OpenStack Keystone 3 4.. versionadded:: 2018.3.0 5 6:depends:shade 7 8Example configuration 9 10.. code-block:: yaml 11 12 keystone: 13 cloud: default 14 15.. code-block:: yaml 16 17 keystone: 18 auth: 19 username: admin 20 password: password123 21 user_domain_name: mydomain 22 project_name: myproject 23 project_domain_name: myproject 24 auth_url: https://example.org:5000/v3 25 identity_api_version: 3 26""" 27 28 29HAS_SHADE = False 30try: 31 import shade 32 from shade.exc import OpenStackCloudException 33 34 HAS_SHADE = True 35except ImportError: 36 pass 37 38__virtualname__ = "keystoneng" 39 40 41def __virtual__(): 42 """ 43 Only load this module if shade python module is installed 44 """ 45 if HAS_SHADE: 46 return __virtualname__ 47 return ( 48 False, 49 "The keystoneng execution module failed to load: shade python module is not" 50 " available", 51 ) 52 53 54def compare_changes(obj, **kwargs): 55 """ 56 Compare two dicts returning only keys that exist in the first dict and are 57 different in the second one 58 """ 59 changes = {} 60 for k, v in obj.items(): 61 if k in kwargs: 62 if v != kwargs[k]: 63 changes[k] = kwargs[k] 64 return changes 65 66 67def get_entity(ent_type, **kwargs): 68 """ 69 Attempt to query Keystone for more information about an entity 70 """ 71 try: 72 func = "keystoneng.{}_get".format(ent_type) 73 ent = __salt__[func](**kwargs) 74 except OpenStackCloudException as e: 75 # NOTE(SamYaple): If this error was something other than Forbidden we 76 # reraise the issue since we are not prepared to handle it 77 if "HTTP 403" not in e.inner_exception[1][0]: 78 raise 79 80 # NOTE(SamYaple): The user may be authorized to perform the function 81 # they are trying to do, but not authorized to search. In such a 82 # situation we want to trust that the user has passed a valid id, even 83 # though we cannot validate that this is a valid id 84 ent = kwargs["name"] 85 86 return ent 87 88 89def _clean_kwargs(keep_name=False, **kwargs): 90 """ 91 Sanatize the arguments for use with shade 92 """ 93 if "name" in kwargs and not keep_name: 94 kwargs["name_or_id"] = kwargs.pop("name") 95 96 return __utils__["args.clean_kwargs"](**kwargs) 97 98 99def setup_clouds(auth=None): 100 """ 101 Call functions to create Shade cloud objects in __context__ to take 102 advantage of Shade's in-memory caching across several states 103 """ 104 get_operator_cloud(auth) 105 get_openstack_cloud(auth) 106 107 108def get_operator_cloud(auth=None): 109 """ 110 Return an operator_cloud 111 """ 112 if auth is None: 113 auth = __salt__["config.option"]("keystone", {}) 114 if "shade_opcloud" in __context__: 115 if __context__["shade_opcloud"].auth == auth: 116 return __context__["shade_opcloud"] 117 __context__["shade_opcloud"] = shade.operator_cloud(**auth) 118 return __context__["shade_opcloud"] 119 120 121def get_openstack_cloud(auth=None): 122 """ 123 Return an openstack_cloud 124 """ 125 if auth is None: 126 auth = __salt__["config.option"]("keystone", {}) 127 if "shade_oscloud" in __context__: 128 if __context__["shade_oscloud"].auth == auth: 129 return __context__["shade_oscloud"] 130 __context__["shade_oscloud"] = shade.openstack_cloud(**auth) 131 return __context__["shade_oscloud"] 132 133 134def group_create(auth=None, **kwargs): 135 """ 136 Create a group 137 138 CLI Example: 139 140 .. code-block:: bash 141 142 salt '*' keystoneng.group_create name=group1 143 salt '*' keystoneng.group_create name=group2 domain=domain1 description='my group2' 144 """ 145 cloud = get_operator_cloud(auth) 146 kwargs = _clean_kwargs(keep_name=True, **kwargs) 147 return cloud.create_group(**kwargs) 148 149 150def group_delete(auth=None, **kwargs): 151 """ 152 Delete a group 153 154 CLI Example: 155 156 .. code-block:: bash 157 158 salt '*' keystoneng.group_delete name=group1 159 salt '*' keystoneng.group_delete name=group2 domain_id=b62e76fbeeff4e8fb77073f591cf211e 160 salt '*' keystoneng.group_delete name=0e4febc2a5ab4f2c8f374b054162506d 161 """ 162 cloud = get_operator_cloud(auth) 163 kwargs = _clean_kwargs(**kwargs) 164 return cloud.delete_group(**kwargs) 165 166 167def group_update(auth=None, **kwargs): 168 """ 169 Update a group 170 171 CLI Example: 172 173 .. code-block:: bash 174 175 salt '*' keystoneng.group_update name=group1 description='new description' 176 salt '*' keystoneng.group_create name=group2 domain_id=b62e76fbeeff4e8fb77073f591cf211e new_name=newgroupname 177 salt '*' keystoneng.group_create name=0e4febc2a5ab4f2c8f374b054162506d new_name=newgroupname 178 """ 179 cloud = get_operator_cloud(auth) 180 kwargs = _clean_kwargs(**kwargs) 181 if "new_name" in kwargs: 182 kwargs["name"] = kwargs.pop("new_name") 183 return cloud.update_group(**kwargs) 184 185 186def group_list(auth=None, **kwargs): 187 """ 188 List groups 189 190 CLI Example: 191 192 .. code-block:: bash 193 194 salt '*' keystoneng.group_list 195 salt '*' keystoneng.group_list domain_id=b62e76fbeeff4e8fb77073f591cf211e 196 """ 197 cloud = get_operator_cloud(auth) 198 kwargs = _clean_kwargs(**kwargs) 199 return cloud.list_groups(**kwargs) 200 201 202def group_search(auth=None, **kwargs): 203 """ 204 Search for groups 205 206 CLI Example: 207 208 .. code-block:: bash 209 210 salt '*' keystoneng.group_search name=group1 211 salt '*' keystoneng.group_search domain_id=b62e76fbeeff4e8fb77073f591cf211e 212 """ 213 cloud = get_operator_cloud(auth) 214 kwargs = _clean_kwargs(**kwargs) 215 return cloud.search_groups(**kwargs) 216 217 218def group_get(auth=None, **kwargs): 219 """ 220 Get a single group 221 222 CLI Example: 223 224 .. code-block:: bash 225 226 salt '*' keystoneng.group_get name=group1 227 salt '*' keystoneng.group_get name=group2 domain_id=b62e76fbeeff4e8fb77073f591cf211e 228 salt '*' keystoneng.group_get name=0e4febc2a5ab4f2c8f374b054162506d 229 """ 230 cloud = get_operator_cloud(auth) 231 kwargs = _clean_kwargs(**kwargs) 232 return cloud.get_group(**kwargs) 233 234 235def project_create(auth=None, **kwargs): 236 """ 237 Create a project 238 239 CLI Example: 240 241 .. code-block:: bash 242 243 salt '*' keystoneng.project_create name=project1 244 salt '*' keystoneng.project_create name=project2 domain_id=b62e76fbeeff4e8fb77073f591cf211e 245 salt '*' keystoneng.project_create name=project3 enabled=False description='my project3' 246 """ 247 cloud = get_openstack_cloud(auth) 248 kwargs = _clean_kwargs(keep_name=True, **kwargs) 249 return cloud.create_project(**kwargs) 250 251 252def project_delete(auth=None, **kwargs): 253 """ 254 Delete a project 255 256 CLI Example: 257 258 .. code-block:: bash 259 260 salt '*' keystoneng.project_delete name=project1 261 salt '*' keystoneng.project_delete name=project2 domain_id=b62e76fbeeff4e8fb77073f591cf211e 262 salt '*' keystoneng.project_delete name=f315afcf12f24ad88c92b936c38f2d5a 263 """ 264 cloud = get_openstack_cloud(auth) 265 kwargs = _clean_kwargs(**kwargs) 266 return cloud.delete_project(**kwargs) 267 268 269def project_update(auth=None, **kwargs): 270 """ 271 Update a project 272 273 CLI Example: 274 275 .. code-block:: bash 276 277 salt '*' keystoneng.project_update name=project1 new_name=newproject 278 salt '*' keystoneng.project_update name=project2 enabled=False description='new description' 279 """ 280 cloud = get_openstack_cloud(auth) 281 kwargs = _clean_kwargs(**kwargs) 282 if "new_name" in kwargs: 283 kwargs["name"] = kwargs.pop("new_name") 284 return cloud.update_project(**kwargs) 285 286 287def project_list(auth=None, **kwargs): 288 """ 289 List projects 290 291 CLI Example: 292 293 .. code-block:: bash 294 295 salt '*' keystoneng.project_list 296 salt '*' keystoneng.project_list domain_id=b62e76fbeeff4e8fb77073f591cf211e 297 """ 298 cloud = get_openstack_cloud(auth) 299 kwargs = _clean_kwargs(**kwargs) 300 return cloud.list_projects(**kwargs) 301 302 303def project_search(auth=None, **kwargs): 304 """ 305 Search projects 306 307 CLI Example: 308 309 .. code-block:: bash 310 311 salt '*' keystoneng.project_search 312 salt '*' keystoneng.project_search name=project1 313 salt '*' keystoneng.project_search domain_id=b62e76fbeeff4e8fb77073f591cf211e 314 """ 315 cloud = get_openstack_cloud(auth) 316 kwargs = _clean_kwargs(**kwargs) 317 return cloud.search_projects(**kwargs) 318 319 320def project_get(auth=None, **kwargs): 321 """ 322 Get a single project 323 324 CLI Example: 325 326 .. code-block:: bash 327 328 salt '*' keystoneng.project_get name=project1 329 salt '*' keystoneng.project_get name=project2 domain_id=b62e76fbeeff4e8fb77073f591cf211e 330 salt '*' keystoneng.project_get name=f315afcf12f24ad88c92b936c38f2d5a 331 """ 332 cloud = get_openstack_cloud(auth) 333 kwargs = _clean_kwargs(**kwargs) 334 return cloud.get_project(**kwargs) 335 336 337def domain_create(auth=None, **kwargs): 338 """ 339 Create a domain 340 341 CLI Example: 342 343 .. code-block:: bash 344 345 salt '*' keystoneng.domain_create name=domain1 346 """ 347 cloud = get_operator_cloud(auth) 348 kwargs = _clean_kwargs(keep_name=True, **kwargs) 349 return cloud.create_domain(**kwargs) 350 351 352def domain_delete(auth=None, **kwargs): 353 """ 354 Delete a domain 355 356 CLI Example: 357 358 .. code-block:: bash 359 360 salt '*' keystoneng.domain_delete name=domain1 361 salt '*' keystoneng.domain_delete name=b62e76fbeeff4e8fb77073f591cf211e 362 """ 363 cloud = get_operator_cloud(auth) 364 kwargs = _clean_kwargs(**kwargs) 365 return cloud.delete_domain(**kwargs) 366 367 368def domain_update(auth=None, **kwargs): 369 """ 370 Update a domain 371 372 CLI Example: 373 374 .. code-block:: bash 375 376 salt '*' keystoneng.domain_update name=domain1 new_name=newdomain 377 salt '*' keystoneng.domain_update name=domain1 enabled=True description='new description' 378 """ 379 cloud = get_operator_cloud(auth) 380 kwargs = _clean_kwargs(**kwargs) 381 if "new_name" in kwargs: 382 kwargs["name"] = kwargs.pop("new_name") 383 return cloud.update_domain(**kwargs) 384 385 386def domain_list(auth=None, **kwargs): 387 """ 388 List domains 389 390 CLI Example: 391 392 .. code-block:: bash 393 394 salt '*' keystoneng.domain_list 395 """ 396 cloud = get_operator_cloud(auth) 397 kwargs = _clean_kwargs(**kwargs) 398 return cloud.list_domains(**kwargs) 399 400 401def domain_search(auth=None, **kwargs): 402 """ 403 Search domains 404 405 CLI Example: 406 407 .. code-block:: bash 408 409 salt '*' keystoneng.domain_search 410 salt '*' keystoneng.domain_search name=domain1 411 """ 412 cloud = get_operator_cloud(auth) 413 kwargs = _clean_kwargs(**kwargs) 414 return cloud.search_domains(**kwargs) 415 416 417def domain_get(auth=None, **kwargs): 418 """ 419 Get a single domain 420 421 CLI Example: 422 423 .. code-block:: bash 424 425 salt '*' keystoneng.domain_get name=domain1 426 salt '*' keystoneng.domain_get name=b62e76fbeeff4e8fb77073f591cf211e 427 """ 428 cloud = get_operator_cloud(auth) 429 kwargs = _clean_kwargs(**kwargs) 430 return cloud.get_domain(**kwargs) 431 432 433def role_create(auth=None, **kwargs): 434 """ 435 Create a role 436 437 CLI Example: 438 439 .. code-block:: bash 440 441 salt '*' keystoneng.role_create name=role1 442 salt '*' keystoneng.role_create name=role1 domain_id=b62e76fbeeff4e8fb77073f591cf211e 443 """ 444 cloud = get_operator_cloud(auth) 445 kwargs = _clean_kwargs(keep_name=True, **kwargs) 446 return cloud.create_role(**kwargs) 447 448 449def role_delete(auth=None, **kwargs): 450 """ 451 Delete a role 452 453 CLI Example: 454 455 .. code-block:: bash 456 457 salt '*' keystoneng.role_delete name=role1 domain_id=b62e76fbeeff4e8fb77073f591cf211e 458 salt '*' keystoneng.role_delete name=1eb6edd5525e4ac39af571adee673559 459 """ 460 cloud = get_operator_cloud(auth) 461 kwargs = _clean_kwargs(**kwargs) 462 return cloud.delete_role(**kwargs) 463 464 465def role_update(auth=None, **kwargs): 466 """ 467 Update a role 468 469 CLI Example: 470 471 .. code-block:: bash 472 473 salt '*' keystoneng.role_update name=role1 new_name=newrole 474 salt '*' keystoneng.role_update name=1eb6edd5525e4ac39af571adee673559 new_name=newrole 475 """ 476 cloud = get_operator_cloud(auth) 477 kwargs = _clean_kwargs(**kwargs) 478 if "new_name" in kwargs: 479 kwargs["name"] = kwargs.pop("new_name") 480 return cloud.update_role(**kwargs) 481 482 483def role_list(auth=None, **kwargs): 484 """ 485 List roles 486 487 CLI Example: 488 489 .. code-block:: bash 490 491 salt '*' keystoneng.role_list 492 salt '*' keystoneng.role_list domain_id=b62e76fbeeff4e8fb77073f591cf211e 493 """ 494 cloud = get_operator_cloud(auth) 495 kwargs = _clean_kwargs(**kwargs) 496 return cloud.list_roles(**kwargs) 497 498 499def role_search(auth=None, **kwargs): 500 """ 501 Search roles 502 503 CLI Example: 504 505 .. code-block:: bash 506 507 salt '*' keystoneng.role_search 508 salt '*' keystoneng.role_search name=role1 509 salt '*' keystoneng.role_search domain_id=b62e76fbeeff4e8fb77073f591cf211e 510 """ 511 cloud = get_operator_cloud(auth) 512 kwargs = _clean_kwargs(**kwargs) 513 return cloud.search_roles(**kwargs) 514 515 516def role_get(auth=None, **kwargs): 517 """ 518 Get a single role 519 520 CLI Example: 521 522 .. code-block:: bash 523 524 salt '*' keystoneng.role_get name=role1 525 salt '*' keystoneng.role_get name=role1 domain_id=b62e76fbeeff4e8fb77073f591cf211e 526 salt '*' keystoneng.role_get name=1eb6edd5525e4ac39af571adee673559 527 """ 528 cloud = get_operator_cloud(auth) 529 kwargs = _clean_kwargs(**kwargs) 530 return cloud.get_role(**kwargs) 531 532 533def user_create(auth=None, **kwargs): 534 """ 535 Create a user 536 537 CLI Example: 538 539 .. code-block:: bash 540 541 salt '*' keystoneng.user_create name=user1 542 salt '*' keystoneng.user_create name=user2 password=1234 enabled=False 543 salt '*' keystoneng.user_create name=user3 domain_id=b62e76fbeeff4e8fb77073f591cf211e 544 """ 545 cloud = get_openstack_cloud(auth) 546 kwargs = _clean_kwargs(keep_name=True, **kwargs) 547 return cloud.create_user(**kwargs) 548 549 550def user_delete(auth=None, **kwargs): 551 """ 552 Delete a user 553 554 CLI Example: 555 556 .. code-block:: bash 557 558 salt '*' keystoneng.user_delete name=user1 559 salt '*' keystoneng.user_delete name=user2 domain_id=b62e76fbeeff4e8fb77073f591cf211e 560 salt '*' keystoneng.user_delete name=a42cbbfa1e894e839fd0f584d22e321f 561 """ 562 cloud = get_openstack_cloud(auth) 563 kwargs = _clean_kwargs(**kwargs) 564 return cloud.delete_user(**kwargs) 565 566 567def user_update(auth=None, **kwargs): 568 """ 569 Update a user 570 571 CLI Example: 572 573 .. code-block:: bash 574 575 salt '*' keystoneng.user_update name=user1 enabled=False description='new description' 576 salt '*' keystoneng.user_update name=user1 new_name=newuser 577 """ 578 cloud = get_openstack_cloud(auth) 579 kwargs = _clean_kwargs(**kwargs) 580 if "new_name" in kwargs: 581 kwargs["name"] = kwargs.pop("new_name") 582 return cloud.update_user(**kwargs) 583 584 585def user_list(auth=None, **kwargs): 586 """ 587 List users 588 589 CLI Example: 590 591 .. code-block:: bash 592 593 salt '*' keystoneng.user_list 594 salt '*' keystoneng.user_list domain_id=b62e76fbeeff4e8fb77073f591cf211e 595 """ 596 cloud = get_openstack_cloud(auth) 597 kwargs = _clean_kwargs(**kwargs) 598 return cloud.list_users(**kwargs) 599 600 601def user_search(auth=None, **kwargs): 602 """ 603 List users 604 605 CLI Example: 606 607 .. code-block:: bash 608 609 salt '*' keystoneng.user_list 610 salt '*' keystoneng.user_list domain_id=b62e76fbeeff4e8fb77073f591cf211e 611 """ 612 cloud = get_openstack_cloud(auth) 613 kwargs = _clean_kwargs(**kwargs) 614 return cloud.search_users(**kwargs) 615 616 617def user_get(auth=None, **kwargs): 618 """ 619 Get a single user 620 621 CLI Example: 622 623 .. code-block:: bash 624 625 salt '*' keystoneng.user_get name=user1 626 salt '*' keystoneng.user_get name=user1 domain_id=b62e76fbeeff4e8fb77073f591cf211e 627 salt '*' keystoneng.user_get name=02cffaa173b2460f98e40eda3748dae5 628 """ 629 cloud = get_openstack_cloud(auth) 630 kwargs = _clean_kwargs(**kwargs) 631 return cloud.get_user(**kwargs) 632 633 634def endpoint_create(auth=None, **kwargs): 635 """ 636 Create an endpoint 637 638 CLI Example: 639 640 .. code-block:: bash 641 642 salt '*' keystoneng.endpoint_create interface=admin service=glance url=https://example.org:9292 643 salt '*' keystoneng.endpoint_create interface=public service=glance region=RegionOne url=https://example.org:9292 644 salt '*' keystoneng.endpoint_create interface=admin service=glance url=https://example.org:9292 enabled=True 645 """ 646 cloud = get_operator_cloud(auth) 647 kwargs = _clean_kwargs(keep_name=True, **kwargs) 648 return cloud.create_endpoint(**kwargs) 649 650 651def endpoint_delete(auth=None, **kwargs): 652 """ 653 Delete an endpoint 654 655 CLI Example: 656 657 .. code-block:: bash 658 659 salt '*' keystoneng.endpoint_delete id=3bee4bd8c2b040ee966adfda1f0bfca9 660 """ 661 cloud = get_operator_cloud(auth) 662 kwargs = _clean_kwargs(**kwargs) 663 return cloud.delete_endpoint(**kwargs) 664 665 666def endpoint_update(auth=None, **kwargs): 667 """ 668 Update an endpoint 669 670 CLI Example: 671 672 .. code-block:: bash 673 674 salt '*' keystoneng.endpoint_update endpoint_id=4f961ad09d2d48948896bbe7c6a79717 interface=public enabled=False 675 salt '*' keystoneng.endpoint_update endpoint_id=4f961ad09d2d48948896bbe7c6a79717 region=newregion 676 salt '*' keystoneng.endpoint_update endpoint_id=4f961ad09d2d48948896bbe7c6a79717 service_name_or_id=glance url=https://example.org:9292 677 """ 678 cloud = get_operator_cloud(auth) 679 kwargs = _clean_kwargs(**kwargs) 680 return cloud.update_endpoint(**kwargs) 681 682 683def endpoint_list(auth=None, **kwargs): 684 """ 685 List endpoints 686 687 CLI Example: 688 689 .. code-block:: bash 690 691 salt '*' keystoneng.endpoint_list 692 """ 693 cloud = get_operator_cloud(auth) 694 kwargs = _clean_kwargs(**kwargs) 695 return cloud.list_endpoints(**kwargs) 696 697 698def endpoint_search(auth=None, **kwargs): 699 """ 700 Search endpoints 701 702 CLI Example: 703 704 .. code-block:: bash 705 706 salt '*' keystoneng.endpoint_search 707 salt '*' keystoneng.endpoint_search id=02cffaa173b2460f98e40eda3748dae5 708 """ 709 cloud = get_operator_cloud(auth) 710 kwargs = _clean_kwargs(**kwargs) 711 return cloud.search_endpoints(**kwargs) 712 713 714def endpoint_get(auth=None, **kwargs): 715 """ 716 Get a single endpoint 717 718 CLI Example: 719 720 .. code-block:: bash 721 722 salt '*' keystoneng.endpoint_get id=02cffaa173b2460f98e40eda3748dae5 723 """ 724 cloud = get_operator_cloud(auth) 725 kwargs = _clean_kwargs(**kwargs) 726 return cloud.get_endpoint(**kwargs) 727 728 729def service_create(auth=None, **kwargs): 730 """ 731 Create a service 732 733 CLI Example: 734 735 .. code-block:: bash 736 737 salt '*' keystoneng.service_create name=glance type=image 738 salt '*' keystoneng.service_create name=glance type=image description="Image" 739 """ 740 cloud = get_operator_cloud(auth) 741 kwargs = _clean_kwargs(keep_name=True, **kwargs) 742 return cloud.create_service(**kwargs) 743 744 745def service_delete(auth=None, **kwargs): 746 """ 747 Delete a service 748 749 CLI Example: 750 751 .. code-block:: bash 752 753 salt '*' keystoneng.service_delete name=glance 754 salt '*' keystoneng.service_delete name=39cc1327cdf744ab815331554430e8ec 755 """ 756 cloud = get_operator_cloud(auth) 757 kwargs = _clean_kwargs(**kwargs) 758 return cloud.delete_service(**kwargs) 759 760 761def service_update(auth=None, **kwargs): 762 """ 763 Update a service 764 765 CLI Example: 766 767 .. code-block:: bash 768 769 salt '*' keystoneng.service_update name=cinder type=volumev2 770 salt '*' keystoneng.service_update name=cinder description='new description' 771 salt '*' keystoneng.service_update name=ab4d35e269f147b3ae2d849f77f5c88f enabled=False 772 """ 773 cloud = get_operator_cloud(auth) 774 kwargs = _clean_kwargs(**kwargs) 775 return cloud.update_service(**kwargs) 776 777 778def service_list(auth=None, **kwargs): 779 """ 780 List services 781 782 CLI Example: 783 784 .. code-block:: bash 785 786 salt '*' keystoneng.service_list 787 """ 788 cloud = get_operator_cloud(auth) 789 kwargs = _clean_kwargs(**kwargs) 790 return cloud.list_services(**kwargs) 791 792 793def service_search(auth=None, **kwargs): 794 """ 795 Search services 796 797 CLI Example: 798 799 .. code-block:: bash 800 801 salt '*' keystoneng.service_search 802 salt '*' keystoneng.service_search name=glance 803 salt '*' keystoneng.service_search name=135f0403f8e544dc9008c6739ecda860 804 """ 805 cloud = get_operator_cloud(auth) 806 kwargs = _clean_kwargs(**kwargs) 807 return cloud.search_services(**kwargs) 808 809 810def service_get(auth=None, **kwargs): 811 """ 812 Get a single service 813 814 CLI Example: 815 816 .. code-block:: bash 817 818 salt '*' keystoneng.service_get name=glance 819 salt '*' keystoneng.service_get name=75a5804638944b3ab54f7fbfcec2305a 820 """ 821 cloud = get_operator_cloud(auth) 822 kwargs = _clean_kwargs(**kwargs) 823 return cloud.get_service(**kwargs) 824 825 826def role_assignment_list(auth=None, **kwargs): 827 """ 828 List role assignments 829 830 CLI Example: 831 832 .. code-block:: bash 833 834 salt '*' keystoneng.role_assignment_list 835 """ 836 cloud = get_operator_cloud(auth) 837 kwargs = _clean_kwargs(**kwargs) 838 return cloud.list_role_assignments(**kwargs) 839 840 841def role_grant(auth=None, **kwargs): 842 """ 843 Grant a role in a project/domain to a user/group 844 845 CLI Example: 846 847 .. code-block:: bash 848 849 salt '*' keystoneng.role_grant name=role1 user=user1 project=project1 850 salt '*' keystoneng.role_grant name=ddbe3e0ed74e4c7f8027bad4af03339d group=user1 project=project1 domain=domain1 851 salt '*' keystoneng.role_grant name=ddbe3e0ed74e4c7f8027bad4af03339d group=19573afd5e4241d8b65c42215bae9704 project=1dcac318a83b4610b7a7f7ba01465548 852 """ 853 cloud = get_operator_cloud(auth) 854 kwargs = _clean_kwargs(**kwargs) 855 return cloud.grant_role(**kwargs) 856 857 858def role_revoke(auth=None, **kwargs): 859 """ 860 Grant a role in a project/domain to a user/group 861 862 CLI Example: 863 864 .. code-block:: bash 865 866 salt '*' keystoneng.role_revoke name=role1 user=user1 project=project1 867 salt '*' keystoneng.role_revoke name=ddbe3e0ed74e4c7f8027bad4af03339d group=user1 project=project1 domain=domain1 868 salt '*' keystoneng.role_revoke name=ddbe3e0ed74e4c7f8027bad4af03339d group=19573afd5e4241d8b65c42215bae9704 project=1dcac318a83b4610b7a7f7ba01465548 869 """ 870 cloud = get_operator_cloud(auth) 871 kwargs = _clean_kwargs(**kwargs) 872 return cloud.revoke_role(**kwargs) 873