Add default roles used by Barbican
The default roles used by Barbican are missing.
According to the default policy.json the roles
'key-manager:service-admin', 'creator',
'observer', 'audit' are necessary for Barbican.
This is a reimplementation of 0ed71b4,
because the keystone module is used in stable/queens.
Change-Id: If50e02a5886a1f3b26eb033103904122302afeda
Closes-Bug: #1657742
parent
95e38e1c37
commit
f3db3d834e
|
@ -47,8 +47,14 @@ barbican_service_name: barbican
|
|||
barbican_service_user_name: barbican
|
||||
barbican_service_type: key-manager
|
||||
barbican_service_description: "OpenStack Key and Secrets Management (Barbican)"
|
||||
barbican_default_role_names:
|
||||
- "key-manager:service-admin"
|
||||
- creator
|
||||
- observer
|
||||
- audit
|
||||
barbican_service_role_names:
|
||||
- admin
|
||||
- creator
|
||||
barbican_service_region: RegionOne
|
||||
barbican_service_host: "0.0.0.0"
|
||||
barbican_service_port: 9311
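Review bot: `barbican_default_role_names` has no comment saying where its four names come from, so an operator overriding the list cannot tell that they must match the roles referenced by Barbican's policy file. The commit message already makes that link; it belongs next to the variable, for example `# Roles referenced by Barbican's default policy.json; created in Keystone by the "Ensure the Barbican roles" task.` Separately, `- creator` under `barbican_service_role_names` appears to be newly added (the rendering lost the +/- markers, so this is inferred from the hunk counts), which gives the service account an extra role besides `admin`; a one-line reason beside it would let reviewers judge whether the service user needs it.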
|
||||
|
|
|
@ -47,6 +47,22 @@
|
|||
delay: 2
|
||||
no_log: True
|
||||
|
||||
- name: Ensure the Barbican roles
|
||||
keystone:
|
||||
command: "ensure_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
role_name: "{{ item }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: ensure_barbican_roles
|
||||
until: ensure_barbican_roles |success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ barbican_default_role_names }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure the Barbican user has the admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
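Review bot: The added "Ensure the Barbican roles" task sends `login_password` for every item of `barbican_default_role_names` and again on each of up to five retries, and the only thing keeping that credential out of the run output is an uncommented `no_log: True`. A comment above the task such as `# no_log: module args carry the Keystone admin password; keep it set` would stop it being removed while someone debugs a failed role creation. The task also takes `insecure` from `keystone_service_adminuri_insecure`; when that is true the admin credential presumably goes to an endpoint whose certificate is not verified, so the variable should stay false outside test deployments. The following task, "Ensure the Barbican user has the admin role", continues past the end of the hunk.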
|
||||
|
|