Ensure Barbican required roles are created by Keystone

Presently there are several roles: audit, observer, and key-manger:
service-admin that are used in Barbican policy but not generated
by Keystone during a TripleO Deployment.

This change updates Keystone's manifest to include creation of these
missing roles then the Barbican API is included as part of a depl-
oyment.

Change-Id: I6d5d0a37abeb54600bb70e22fabde9479320ab81
This commit is contained in:
Harry Rybacki 2019-08-07 10:45:07 -04:00
parent e4ec756156
commit 970462b562
1 changed files with 9 additions and 0 deletions

View File

@ -325,9 +325,18 @@ class tripleo::profile::base::keystone (
}
if hiera('barbican_api_enabled', false) {
keystone_role { 'key-manager:service-admin':
ensure => present
}
keystone_role { 'creator':
ensure => present
}
keystone_role { 'observer':
ensure => present
}
keystone_role { 'audit':
ensure => present
}
}
}