From 0ed71b4f48c847cd167c2303713f341501803a0c Mon Sep 17 00:00:00 2001
From: Vadim Kuznetsov
Date: Tue, 10 Jul 2018 12:15:58 -0400
Subject: [PATCH] Add default roles used by Barbican

The default roles used by Barbican are missing. According to the policy.json the Key Manager comes with, four roles have to be defined.

Depends-On: I999aa55269348497154a8eb073c2ff663242af4e
Change-Id: If50e02a5886a1f3b26eb033103904122302afeda
Closes-Bug: #1657742
---
 defaults/main.yml | 6 ++++++
 tasks/barbican_service_setup.yml | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 4c594c5..b865583 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -55,8 +55,14 @@ barbican_service_name: barbican
 barbican_service_user_name: barbican
 barbican_service_type: key-manager
 barbican_service_description: "OpenStack Key and Secrets Management (Barbican)"
+barbican_default_role_names:
+ - "key-manager:service-admin"
+ - creator
+ - observer
+ - audit
 barbican_service_role_names:
 - admin
+ - creator
 barbican_service_region: RegionOne
 barbican_service_host: "0.0.0.0"
 barbican_service_port: 9311
diff --git a/tasks/barbican_service_setup.yml b/tasks/barbican_service_setup.yml
index a270932..e8e6cce 100644
--- a/tasks/barbican_service_setup.yml
+++ b/tasks/barbican_service_setup.yml
@@ -54,6 +54,18 @@
 delay: 10
 no_log: True
 
+ - name: Add service roles
+ os_keystone_role:
+ cloud: default
+ state: present
+ name: "{{ item }}"
+ verify: "{{ not keystone_service_adminuri_insecure }}"
+ with_items: "{{ barbican_default_role_names }}"
+ register: barbican_roles
+ until: barbican_roles is success
+ retries: 5
+ delay: 10
+
 - name: Add service user to admin roles
 os_user_role:
 cloud: default
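Review bot: The `- creator` line added under `barbican_service_role_names` in defaults/main.yml widens the roles granted to the Barbican service user beyond `admin`, but the commit message only explains the four roles in `barbican_default_role_names` and the file carries no comment on why the service account needs it. Because these defaults decide what a service account is granted, I would put a one-line rationale above the entry, for example `# creator: granted to the service user because <reason>; see Barbican policy.json`, or leave the grant out if `admin` already covers it. A comment above the new list such as `# Roles referenced by Barbican's default policy.json; created in Keystone by tasks/barbican_service_setup.yml` would also make clear that these generic names (`creator`, `observer`, `audit`) are created as Keystone roles rather than only consumed here.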
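Review bot: In the new `Add service roles` task in tasks/barbican_service_setup.yml, `verify: "{{ not keystone_service_adminuri_insecure }}"` negates the variable without casting it, so a value that arrives as a non-empty string (for example `false` supplied as a key=value extra var) is truthy and the expression renders false, switching TLS certificate verification off for a call made with the `default` cloud credentials. Casting first keeps the check fail-closed: `verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"`. The variable is not defined in this commit's defaults/main.yml hunk, so it presumably comes from another role or from deployment group vars; it is worth confirming it is always defined where this role runs. The `Add service user to admin roles` task that follows continues past the end of the hunk.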