Merge "Allow to configure policy.json for OpenStack projects"

author: Jenkins <jenkins@review.openstack.org> 2017-03-30 05:29:22 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-03-30 05:29:22 +0000
commit: 313ece74cd7dd7a715f345038dbe78ec107a9afd (patch)
tree: 51676d6121f238f1a0886a7fe4e6c1eacc2e30f4 /puppet/services/barbican-api.yaml
parent: 0ae9d9b346f1c5d7e29b8f281474577eca260670 (diff)
parent: 91053af09dace8dba65c9e5b72eb7de15fd69522 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index d8787c87..91a5b01c 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -55,6 +55,12 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  BarbicanPolicies:
+    description: |
+      A hash of policies to configure for Barbican.
+      e.g. { barbican-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
 
@@ -77,6 +83,7 @@ outputs:
             barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             barbican::keystone::authtoken::project_name: 'service'
+            barbican::policy::policies: {get_param: BarbicanPolicies}
             barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
             barbican::api::db_auto_create: false
             barbican::api::enabled_certificate_plugins: ['simple_certificate']
author	Jenkins <jenkins@review.openstack.org>	2017-03-30 05:29:22 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-03-30 05:29:22 +0000
commit	313ece74cd7dd7a715f345038dbe78ec107a9afd (patch)
tree	51676d6121f238f1a0886a7fe4e6c1eacc2e30f4 /puppet/services/barbican-api.yaml
parent	0ae9d9b346f1c5d7e29b8f281474577eca260670 (diff)
parent	91053af09dace8dba65c9e5b72eb7de15fd69522 (diff)