Configurable policy.json for keystone

Copy custom policy.json into keystone container

Change-Id: I58787c3dd7adbeff47d0898c23db95f5919510d3
Closes-Bug: #1604431

ansible/roles/keystone/tasks/config.yml

@@ -1,4 +1,8 @@
 ---
+- name: Check if Policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
+  register: keystone_policy
+
 - name: Check if Keystone Domain specific settings enabled
   local_action: stat path="{{ node_custom_config }}/keystone/domains"
   register: keystone_domain_cfg
@@ -49,6 +53,13 @@
   with_fileglob:
     - "{{ node_custom_config }}/keystone/domains/*"
 
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/keystone/policy.json"
+    dest: "{{ node_config_directory }}/keystone/policy.json"
+  when:
+    keystone_policy.stat.exists
+
 - name: Copying over wsgi-keystone.conf
   template:
     src: "wsgi-keystone.conf.j2"

ansible/roles/keystone/templates/keystone.json.j2

@@ -16,6 +16,13 @@
             "perm": "0600",
             "optional": true
         },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/keystone/policy.json",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
         {
             "source": "{{ container_config_directory }}/wsgi-keystone.conf",
             "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",