Add default roles used by Barbican
The default roles used by Barbican are missing. According to the policy.json the Key Manager comes with, four roles have to be defined. Depends-On: I999aa55269348497154a8eb073c2ff663242af4e Change-Id: If50e02a5886a1f3b26eb033103904122302afeda Closes-Bug: #1657742
This commit is contained in:
Vadim Kuznetsov
parent
9d01669487
commit
0ed71b4f48
|
|
@ -55,8 +55,14 @@ barbican_service_name: barbican
|
|||
barbican_service_user_name: barbican
|
||||
barbican_service_type: key-manager
|
||||
barbican_service_description: "OpenStack Key and Secrets Management (Barbican)"
|
||||
barbican_default_role_names:
|
||||
- "key-manager:service-admin"
|
||||
- creator
|
||||
- observer
|
||||
- audit
|
||||
barbican_service_role_names:
|
||||
- admin
|
||||
- creator
|
||||
barbican_service_region: RegionOne
|
||||
barbican_service_host: "0.0.0.0"
|
||||
barbican_service_port: 9311
|
||||
|
|
|
|||
|
|
@ -54,6 +54,18 @@
|
|||
delay: 10
|
||||
no_log: True
|
||||
|
||||
- name: Add service roles
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ item }}"
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
with_items: "{{ barbican_default_role_names }}"
|
||||
register: barbican_roles
|
||||
until: barbican_roles is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add service user to admin roles
|
||||
os_user_role:
|
||||
cloud: default
|
||||
|
|
|
|||
Loading…
Reference in New Issue