Merge "Allow to configure policy.json for OpenStack projects"

author: Jenkins <jenkins@review.openstack.org> 2017-03-30 05:29:22 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-03-30 05:29:22 +0000
commit: 313ece74cd7dd7a715f345038dbe78ec107a9afd (patch)
tree: 51676d6121f238f1a0886a7fe4e6c1eacc2e30f4 /puppet/services/keystone.yaml
parent: 0ae9d9b346f1c5d7e29b8f281474577eca260670 (diff)
parent: 91053af09dace8dba65c9e5b72eb7de15fd69522 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 17616867..0976b97c 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -158,6 +158,12 @@ parameters:
     description: >
         Cron to purge expired tokens - User
     default: 'keystone'
+  KeystonePolicies:
+    description: |
+      A hash of policies to configure for Keystone.
+      e.g. { keystone-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
 
@@ -197,6 +203,7 @@ outputs:
             keystone::admin_token: {get_param: AdminToken}
             keystone::admin_password: {get_param: AdminPassword}
             keystone::roles::admin::password: {get_param: AdminPassword}
+            keystone::policy::policies: {get_param: KeystonePolicies}
             keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
             keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
             keystone::token_provider: {get_param: KeystoneTokenProvider}
author	Jenkins <jenkins@review.openstack.org>	2017-03-30 05:29:22 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-03-30 05:29:22 +0000
commit	313ece74cd7dd7a715f345038dbe78ec107a9afd (patch)
tree	51676d6121f238f1a0886a7fe4e6c1eacc2e30f4 /puppet/services/keystone.yaml
parent	0ae9d9b346f1c5d7e29b8f281474577eca260670 (diff)
parent	91053af09dace8dba65c9e5b72eb7de15fd69522 (diff)