Ensure Barbican required roles are created by Keystone
Presently there are several roles: audit, observer, and key-manger: service-admin that are used in Barbican policy but not generated by Keystone during a TripleO Deployment. This change updates Keystone's manifest to include creation of these missing roles then the Barbican API is included as part of a depl- oyment. Change-Id: I6d5d0a37abeb54600bb70e22fabde9479320ab81 (cherry picked from commit970462b562
) (cherry picked from commit555498ba8c
) (cherry picked from commitd391ddf6a8
)
This commit is contained in:
parent
81bc798ae0
commit
cd526608cd
|
@ -292,9 +292,18 @@ class tripleo::profile::base::keystone (
|
||||||
}
|
}
|
||||||
|
|
||||||
if hiera('barbican_api_enabled', false) {
|
if hiera('barbican_api_enabled', false) {
|
||||||
|
keystone_role { 'key-manager:service-admin':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
keystone_role { 'creator':
|
keystone_role { 'creator':
|
||||||
ensure => present
|
ensure => present
|
||||||
}
|
}
|
||||||
|
keystone_role { 'observer':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
keystone_role { 'audit':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue