From 4385fb682cb85edc39db50c5749b36c1598f36c1 Mon Sep 17 00:00:00 2001
From: Nenad Radojevic <nradojevic@evoila.de>
Date: Thu, 19 Jan 2017 14:05:20 +0000
Subject: [PATCH] Add default roles used by Barbican

The default roles used by Barbican are missing.
According to the policy.json the Key Manager
comes with, four roles have to be defined.

Change-Id: I8882c2cf328b62e68797e383b26908540d669629
Closes-Bug: #1657742
---
 ansible/roles/barbican/defaults/main.yml  |  4 ++++
 ansible/roles/barbican/tasks/register.yml | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/ansible/roles/barbican/defaults/main.yml b/ansible/roles/barbican/defaults/main.yml
index 11172ebc9c..62528baf01 100644
--- a/ansible/roles/barbican/defaults/main.yml
+++ b/ansible/roles/barbican/defaults/main.yml
@@ -65,5 +65,9 @@ barbican_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{
 barbican_logging_debug: "{{ openstack_logging_debug }}"
 
 barbican_keystone_user: "barbican"
+barbican_keymanager_role: "key-manager:service-admin"
+barbican_creator_role: "creator"
+barbican_observer_role: "observer"
+barbican_audit_role: "audit"
 
 openstack_barbican_auth: "{{ openstack_auth }}"
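Review bot: The four role defaults added after `barbican_keystone_user` have no comment tying them to Barbican's policy, so an operator who overrides one gets no hint that the policy file must change with it. The commit message says these names come from the policy.json Barbican ships; if a name here diverges from it, the role would presumably still be created but no policy rule would match it. I would add above the block `# Role names must match the rules in Barbican's policy.json; change both together.` Since `creator`, `observer` and `audit` are generic names and Keystone roles are not scoped to one service, it is also worth confirming that no other service's policy grants access on the same names.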
diff --git a/ansible/roles/barbican/tasks/register.yml b/ansible/roles/barbican/tasks/register.yml
index 69024333d1..dab2fd11dc 100644
--- a/ansible/roles/barbican/tasks/register.yml
+++ b/ansible/roles/barbican/tasks/register.yml
@@ -40,3 +40,18 @@
   retries: 10
   delay: 5
   run_once: True
+
+- name: Creating default barbican roles
+  kolla_toolbox:
+    module_name: os_keystone_role
+    module_args:
+      name: "{{ item }}"
+      auth: "{{ '{{ openstack_barbican_auth }}' }}"
+    module_extra_vars:
+      openstack_barbican_auth: "{{ openstack_barbican_auth }}"
+  run_once: True
+  with_items:
+    - "{{ barbican_keymanager_role }}"
+    - "{{ barbican_creator_role }}"
+    - "{{ barbican_observer_role }}"
+    - "{{ barbican_audit_role }}"
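Review bot: The new "Creating default barbican roles" task has no retry handling, while the task just above it ends with `retries: 10` and `delay: 5`. That task starts outside the hunk, so its `register`/`until` pair is assumed rather than visible. A transient Keystone error on any of the four items would fail the play, or leave only some of the roles created, even though Barbican's policy depends on all of them. I would register the result and add an `until` on its success, with the same `retries: 10` and `delay: 5`, so role creation is as resilient as the user registration before it. A short comment saying the task only creates the roles and that assigning them to users is left to the operator would also help.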