barbican: fix values overrides for stein and ocata

When the default release was switched from ocata to stein, some of the
policies were duplicated. This moves the ocata overrides back to where
they belong, and adds overrides for pike, queens, and rocky.

Change-Id: I342d69e721b2692987951055e41ed5e153a91d6c

barbican/values.yaml

@@ -322,14 +322,10 @@ conf:
     admin_or_creator: rule:admin or rule:creator
     all_but_audit: rule:admin or rule:observer or rule:creator
     all_users: rule:admin or rule:observer or rule:creator or rule:audit or rule:service_admin
-    secret_project_match: project:%(target.secret.project_id)s
     secret_acl_read: "'read':%(target.secret.read)s"
     secret_private_read: "'False':%(target.secret.read_project_access)s"
-    secret_creator_user: user:%(target.secret.creator_id)s
-    container_project_match: project:%(target.container.project_id)s
     container_acl_read: "'read':%(target.container.read)s"
     container_private_read: "'False':%(target.container.read_project_access)s"
-    container_creator_user: user:%(target.container.creator_id)s
     secret_non_private_read: rule:all_users and rule:secret_project_match and not rule:secret_private_read
     secret_decrypt_non_private_read: rule:all_but_audit and rule:secret_project_match
       and not rule:secret_private_read

barbican/values_overrides/ocata.yaml

@@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s

barbican/values_overrides/pike.yaml

@@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s

barbican/values_overrides/queens.yaml

@@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s

barbican/values_overrides/rocky.yaml

@@ -0,0 +1,6 @@
+conf:
+  policy:
+    secret_project_match: project:%(target.secret.project_id)s
+    secret_creator_user: user:%(target.secret.creator_id)s
+    container_project_match: project:%(target.container.project_id)s
+    container_creator_user: user:%(target.container.creator_id)s