Add policy.json support
This patch adds ability to customize /etc/barbican/polocy.json from pillar
barbican:server:policy:
Change-Id: Idac0182b109962fe69aa668599d8a861f226d70d
Related-Prod: PROD-22489
diff --git a/barbican/server.sls b/barbican/server.sls
index 0930baa..c50f10e 100644
--- a/barbican/server.sls
+++ b/barbican/server.sls
@@ -43,6 +43,25 @@
- pkg: barbican_server_packages
- cmd: barbican_syncdb
+{%- for name, rule in server.get('policy', {}).items() %}
+ {%- if rule != None %}
+barbican_keystone_rule_{{ name }}_present:
+ keystone_policy.rule_present:
+ - path: /etc/barbican/policy.json
+ - name: {{ name }}
+ - rule: "{{ rule }}"
+ - require:
+ - pkg: barbican_server_packages
+ {%- else %}
+barbican_keystone_rule_{{ name }}_absent:
+ keystone_policy.rule_absent:
+ - path: /etc/barbican/policy.json
+ - name: {{ name }}
+ - require:
+ - pkg: barbican_server_packages
+ {%- endif %}
+{%- endfor %}
+
{%- if server.logging.log_appender %}
{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}