Ensure Barbican required roles are created by Keystone

Presently there are several roles: audit, observer, and
key-manager:service-admin that are used in Barbican policy but not
generated by Keystone during a TripleO Deployment.

This change updates Keystone's manifest to include creation of these
missing roles when the Barbican API is included as part of a
deployment.

Change-Id: I6d5d0a37abeb54600bb70e22fabde9479320ab81
(cherry picked from commit 970462b562)
(cherry picked from commit 555498ba8c)
tags/9.5.1
Harry Rybacki 1 month ago
parent
commit
d391ddf6a8
1 changed files with 9 additions and 0 deletions

manifests/profile/base/keystone.pp (+9, -0)

@@ -303,9 +303,18 @@ class tripleo::profile::base::keystone (
303 303
     }
304 304
 
305 305
     if hiera('barbican_api_enabled', false) {
306
+      keystone_role { 'key-manager:service-admin':
307
+        ensure => present
308
+      }
306 309
       keystone_role { 'creator':
307 310
         ensure => present
308 311
       }
312
+      keystone_role { 'observer':
313
+        ensure => present
314
+      }
315
+      keystone_role { 'audit':
316
+        ensure => present
317
+      }
309 318
     }
310 319
   }
311 320
 
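Review bot: The three new keystone_role resources at new lines 306-308 and 312-317 repeat the body of the existing 'creator' block, and nothing in this one-file change asserts that they end up in the catalog. Consider declaring all four roles in a single resource with an array title, for example keystone_role { ['key-manager:service-admin', 'creator', 'observer', 'audit']: ensure => present }, so the set of roles that Barbican policy depends on is listed in one place and a later addition cannot be missed. A spec case for this profile that sets barbican_api_enabled to true and expects each of the four roles would catch a regression; with a role absent from Keystone, the policy rules that reference it cannot be satisfied by any user. A short comment above the block naming Barbican policy as the consumer of these roles would also help, since the role names are otherwise unexplained in keystone.pp.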
