Merge "Internal TLS: use common CA file parameter for libvirt CA cert"

[apex-tripleo-heat-templates.git] / puppet / services / heat-api.yaml

diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 2bc92cd..f8128bb 100644 (file)
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -41,6 +41,12 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  HeatApiPolicies:
+    description: |
+      A hash of policies to configure for Heat API.
+      e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 conditions:
   heat_workers_zero: {equals : [{get_param: HeatWorkers}, 0]}
@@ -82,6 +88,7 @@ outputs:
                   - 13004
             heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]}
             heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+            heat::policy::policies: {get_param: HeatApiPolicies}
             heat::api::service_name: 'httpd'
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
@@ -130,7 +137,7 @@ outputs:
         - name: Stop heat_api service (running under httpd)
           tags: step1
           service: name=httpd state=stopped
-          when: "heat_api_apache.rc == 0"
+          when: heat_api_apache.rc == 0
         - name: Stop and disable heat_api service (pre-upgrade not under httpd)
           tags: step1
           when: heat_api_enabled.rc == 0