OpenStack Barbican Puppet Module
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

55 lines
1.3 KiB

# == Class: barbican::policy
#
# Configure the barbican policies
#
# === Parameters
#
# [*enforce_scope*]
# (Optional) Whether or not to enforce scope when evaluating policies.
# Defaults to $::os_service_default.
#
# [*policies*]
# (Optional) Set of policies to configure for barbican
# Example :
# {
# 'barbican-context_is_admin' => {
# 'key' => 'context_is_admin',
# 'value' => 'true'
# },
# 'barbican-default' => {
# 'key' => 'default',
# 'value' => 'rule:admin_or_owner'
# }
# }
# Defaults to empty hash.
#
# [*policy_path*]
# (Optional) Path to the barbican policy.yaml file
# Defaults to /etc/barbican/policy.yaml
#
class barbican::policy (
$enforce_scope = $::os_service_default,
$policies = {},
$policy_path = '/etc/barbican/policy.yaml',
) {
include barbican::deps
include barbican::params
validate_legacy(Hash, 'validate_hash', $policies)
Openstacklib::Policy::Base {
file_path => $policy_path,
file_user => 'root',
file_group => $::barbican::params::group,
file_format => 'yaml',
}
create_resources('openstacklib::policy::base', $policies)
oslo::policy { 'barbican_config':
enforce_scope => $enforce_scope,
policy_file => $policy_path
}
}