Browse Source

Ensure Barbican required roles are created by Keystone

Presently there are several roles: audit, observer, and key-manger:
service-admin that are used in Barbican policy but not generated
by Keystone during a TripleO Deployment.

This change updates Keystone's manifest to include creation of these
missing roles then the Barbican API is included as part of a depl-
oyment.

Change-Id: I6d5d0a37abeb54600bb70e22fabde9479320ab81
(cherry picked from commit 970462b562)
(cherry picked from commit 555498ba8c)
(cherry picked from commit d391ddf6a8)
tags/8.5.1
Harry Rybacki 1 month ago
parent
commit
cd526608cd
1 changed files with 9 additions and 0 deletions
  1. 9
    0
      manifests/profile/base/keystone.pp

+ 9
- 0
manifests/profile/base/keystone.pp View File

@@ -292,9 +292,18 @@ class tripleo::profile::base::keystone (
292 292
     }
293 293
 
294 294
     if hiera('barbican_api_enabled', false) {
295
+      keystone_role { 'key-manager:service-admin':
296
+        ensure => present
297
+      }
295 298
       keystone_role { 'creator':
296 299
         ensure => present
297 300
       }
301
+      keystone_role { 'observer':
302
+        ensure => present
303
+      }
304
+      keystone_role { 'audit':
305
+        ensure => present
306
+      }
298 307
     }
299 308
   }
300 309
 

Loading…
Cancel
Save