Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Fixing acronym for BGPVPN composable service"
[apex-tripleo-heat-templates.git] / puppet / services / barbican-api.yaml
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index cba9241..91a5b01 100644 (file)
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -55,6 +55,12 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  BarbicanPolicies:
+    description: |
+      A hash of policies to configure for Barbican.
+      e.g. { barbican-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
 
@@ -74,9 +80,10 @@ outputs:
         map_merge:
           - get_attr: [ApacheServiceBase, role_data, config_settings]
           - barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
-            barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             barbican::keystone::authtoken::project_name: 'service'
+            barbican::policy::policies: {get_param: BarbicanPolicies}
             barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
             barbican::api::db_auto_create: false
             barbican::api::enabled_certificate_plugins: ['simple_certificate']
@@ -135,14 +142,14 @@ outputs:
           nova::compute::barbican_endpoint:
             get_param: [EndpointMap, BarbicanInternal, uri]
           nova::compute::barbican_auth_endpoint:
-            get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+            get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
         cinder_api:
           cinder::api::keymgr_api_class: >
             castellan.key_manager.barbican_key_manager.BarbicanKeyManager
           cinder::api::keymgr_encryption_api_url:
             get_param: [EndpointMap, BarbicanInternal, uri]
           cinder::api::keymgr_encryption_auth_url:
-            get_param: [EndpointMap, KeystoneV3Internal, uri_no_suffix]
+            get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]
       upgrade_tasks: