Create barbican's creator role by default
Barbican has a very specific set of keystone roles that it uses in order to properly enforce RBAC. One of them (and the most important) is the creator role. Which you'll assign to your users in order to allow them to create and retrieve secrets (the other role that can do this is admin... but we don't want to rely on this). For usability, lets create this role automatically as part of the TripleO installation. Closes-Bug: #1812209 Change-Id: I9d5f912684a0987a6bdf244321215bd5595a0fa0
This commit is contained in:
parent
0a73e19d01
commit
dfd408a73d
@ -319,6 +319,12 @@ class tripleo::profile::base::keystone (
|
|||||||
class { '::keystone::roles::admin':
|
class { '::keystone::roles::admin':
|
||||||
admin_roles => $admin_roles,
|
admin_roles => $admin_roles,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if hiera('barbican_api_enabled', false) {
|
||||||
|
keystone_role { 'creator':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if $step == 3 and $manage_endpoint {
|
if $step == 3 and $manage_endpoint {
|
||||||
|
Loading…
Reference in New Issue
Block a user