X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fbarbican-api.yaml;h=91a5b01cc4dae3463d66562f6d3c8068711bd463;hb=e1e8554494d6b05c82aedb9fbb305dd142ff26ac;hp=d8787c87a7eb05c318e1d4f844ed9cce6386f413;hpb=835f2650c592969d2a8ca89b5ae71ca8994f8b25;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index d8787c87..91a5b01c 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -55,6 +55,12 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  BarbicanPolicies:
+    description: |
+      A hash of policies to configure for Barbican.
+      e.g. { barbican-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
 
@@ -77,6 +83,7 @@ outputs:
             barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             barbican::keystone::authtoken::project_name: 'service'
+            barbican::policy::policies: {get_param: BarbicanPolicies}
             barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
             barbican::api::db_auto_create: false
             barbican::api::enabled_certificate_plugins: ['simple_certificate']