Ensure Barbican required roles are created by Keystone
Presently there are several roles: audit, observer, and key-manger: service-admin that are used in Barbican policy but not generated by Keystone during a TripleO Deployment. This change updates Keystone's manifest to include creation of these missing roles then the Barbican API is included as part of a depl- oyment. Change-Id: I6d5d0a37abeb54600bb70e22fabde9479320ab81
This commit is contained in:
parent
e4ec756156
commit
970462b562
|
@ -325,9 +325,18 @@ class tripleo::profile::base::keystone (
|
|||
}
|
||||
|
||||
if hiera('barbican_api_enabled', false) {
|
||||
keystone_role { 'key-manager:service-admin':
|
||||
ensure => present
|
||||
}
|
||||
keystone_role { 'creator':
|
||||
ensure => present
|
||||
}
|
||||
keystone_role { 'observer':
|
||||
ensure => present
|
||||
}
|
||||
keystone_role { 'audit':
|
||||
ensure => present
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue