Merge "Fixing acronym for BGPVPN composable service"

[apex-tripleo-heat-templates.git] / puppet / services / panko-api.yaml

diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index 254d7c2..43e7aa1 100644 (file)
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -24,6 +24,12 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  PankoApiPolicies:
+    description: |
+      A hash of policies to configure for Panko API.
+      e.g. { panko-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
   PankoBase:
@@ -58,6 +64,7 @@ outputs:
                   "%{hiera('fqdn_$NETWORK')}"
                 params:
                   $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
+            panko::policy::policies: {get_param: PankoApiPolicies}
             panko::api::service_name: 'httpd'
             panko::api::enable_proxy_headers_parsing: true
             tripleo.panko_api.firewall_rules:
@@ -87,7 +94,7 @@ outputs:
       upgrade_tasks:
         - name: Check if httpd is deployed
           command: systemctl is-enabled httpd
-          tags: step0,validation
+          tags: common
           ignore_errors: True
           register: httpd_enabled
         - name: "PreUpgrade step0,validation: Check if httpd is running"
@@ -99,3 +106,7 @@ outputs:
         - name: Stop panko-api service (running under httpd)
           tags: step1
           service: name=httpd state=stopped
+          when: httpd_enabled.rc == 0
+        - name: Install openstack-panko-api package if it was not installed
+          tags: step3
+          yum: name=openstack-panko-api state=latest