From f62cee54240591f6c54ca4adf2e296423a6aee1c Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 1 Jul 2015 16:28:00 +0000
Subject: [PATCH] Declare fedmsg certs for the fedora hosted nodes.

---
 inventory/group_vars/hosted | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 inventory/group_vars/hosted

diff --git a/inventory/group_vars/hosted b/inventory/group_vars/hosted
new file mode 100644
index 0000000000..5f63f720ae
--- /dev/null
+++ b/inventory/group_vars/hosted
@@ -0,0 +1,27 @@
+
+
+# Even though the hosted nodes are still deployed with puppet, we have this
+# definition here so that the fedmsg authz policy can be generated correctly.
+# ... when we eventually fully ansibilize these hosts, just fill out the rest of
+# this file with the other vars we need.  --threebean
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: trac
+  owner: root
+  group: apache
+  can_send:
+  - trac.ticket.delete
+  - trac.ticket.new
+  - trac.ticket.update
+  - trac.wiki.page.delete
+  - trac.wiki.page.new
+  - trac.wiki.page.rename
+  - trac.wiki.page.update
+  - trac.wiki.page.version.delete
+- service: git
+  owner: root
+  group: cla_done
+  can_send:
+  - trac.git.receive