1 files changed, 30 insertions, 12 deletions

diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml
index 6f92066e..e121feb3 100644
--- a/puppet/services/tacker.yaml
+++ b/puppet/services/tacker.yaml
@@ -1,4 +1,4 @@
-heat_template_version: ocata
+heat_template_version: pike
 
 description: >
   OpenStack Tacker service configured with Puppet
@@ -13,6 +13,14 @@ parameters:
   DefaultPasswords:
     default: {}
     type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
@@ -47,6 +55,12 @@ parameters:
     default: 5672
     description: Set rabbit subscriber port, change this if using SSL
     type: number
+  TackerPolicies:
+    description: |
+      A hash of policies to configure for Tacker.
+      e.g. { tacker-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 outputs:
   role_data:
@@ -56,15 +70,15 @@ outputs:
       config_settings:
         tacker_password: {get_param: TackerPassword}
         tacker::db::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://tacker:'
-              - {get_param: TackerPassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/tacker'
-              - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+          make_url:
+            scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+            username: tacker
+            password: {get_param: TackerPassword}
+            host: {get_param: [EndpointMap, MysqlInternal, host]}
+            path: /tacker
+            query:
+              read_default_file: /etc/my.cnf.d/tripleo.cnf
+              read_default_group: tripleo
 
         tacker::debug: {get_param: Debug}
         tacker::rpc_backend: rabbit
@@ -75,8 +89,10 @@ outputs:
         tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]}
 
         tacker::keystone::authtoken::project_name: 'service'
-        tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
-        tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+        tacker::keystone::authtoken::user_domain_name: 'Default'
+        tacker::keystone::authtoken::project_domain_name: 'Default'
+        tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+        tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 
         tacker::db::mysql::password: {get_param: TackerPassword}
         tacker::db::mysql::user: tacker
@@ -85,10 +101,12 @@ outputs:
         tacker::db::mysql::allowed_hosts:
           - '%'
           - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+        tacker::policy::policies: {get_param: TackerPolicies}
 
       service_config_settings:
         keystone:
           tacker::keystone::auth::tenant: 'service'
+          tacker::keystone::auth::region: {get_param: KeystoneRegion}
           tacker::keystone::auth::password: {get_param: TackerPassword}
           tacker::keystone::auth::public_url: {get_param: [EndpointMap, TackerPublic, uri]}
           tacker::keystone::auth::internal_url: {get_param: [EndpointMap, TackerInternal, uri]}