Add default roles used by Barbican

The default roles used by Barbican are missing.
According to the policy.json the Key Manager
comes with, four roles have to be defined.

Change-Id: I8882c2cf328b62e68797e383b26908540d669629
Closes-Bug: #1657742

ansible/roles/barbican/defaults/main.yml

@@ -65,5 +65,9 @@ barbican_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{
 barbican_logging_debug: "{{ openstack_logging_debug }}"
 
 barbican_keystone_user: "barbican"
+barbican_keymanager_role: "key-manager:service-admin"
+barbican_creator_role: "creator"
+barbican_observer_role: "observer"
+barbican_audit_role: "audit"
 
 openstack_barbican_auth: "{{ openstack_auth }}"

ansible/roles/barbican/tasks/register.yml

@@ -40,3 +40,18 @@
   retries: 10
   delay: 5
   run_once: True
+
+- name: Creating default barbican roles
+  kolla_toolbox:
+    module_name: os_keystone_role
+    module_args:
+      name: "{{ item }}"
+      auth: "{{ '{{ openstack_barbican_auth }}' }}"
+    module_extra_vars:
+      openstack_barbican_auth: "{{ openstack_barbican_auth }}"
+  run_once: True
+  with_items:
+    - "{{ barbican_keymanager_role }}"
+    - "{{ barbican_creator_role }}"
+    - "{{ barbican_observer_role }}"
+    - "{{ barbican_audit_role }}"