X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fkeystone.yaml;h=0976b97c87a6f0340f3a39359d9b25b24d7d41ef;hb=99455380692f233f64c7fb68eb8a11105d39f5ac;hp=f9a15391bfddf0b9eedf3e69150f637b48d20bef;hpb=0162749f71c6831f3078ef2c7277f208aac05042;p=apex-tripleo-heat-templates.git

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index f9a15391..0976b97c 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -35,7 +35,7 @@ parameters:
   KeystoneTokenProvider:
     description: The keystone token format
     type: string
-    default: 'uuid'
+    default: 'fernet'
     constraints:
       - allowed_values: ['uuid', 'fernet']
   ServiceNetMap:
@@ -158,6 +158,12 @@ parameters:
     description: >
         Cron to purge expired tokens - User
     default: 'keystone'
+  KeystonePolicies:
+    description: |
+      A hash of policies to configure for Keystone.
+      e.g. { keystone-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
 
@@ -197,6 +203,7 @@ outputs:
             keystone::admin_token: {get_param: AdminToken}
             keystone::admin_password: {get_param: AdminPassword}
             keystone::roles::admin::password: {get_param: AdminPassword}
+            keystone::policy::policies: {get_param: KeystonePolicies}
             keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
             keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
             keystone::token_provider: {get_param: KeystoneTokenProvider}