heat_template_version: wallaby

description: >
  Configure TripleO Masquerade networks with Ansible.

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # Notes: we keep this as-is in this role, and don't push it anywhere else.
  # This allows to keep things separated, and ensure we'll avoid pushing those
  # rules onto the overcloud by mistake.
  MasqueradeNetworks:
    default: {'192.168.24.0/24': ['192.168.24.0/24', '192.168.25.0/24']}
    description: Hash of masquerade networks to manage.
    type: json

outputs:
  role_data:
    description: Role data for the TripleO Masquerade Networks service.
    # Notes: This value is there aggregated with other firewall_rules and
    # used in the firewall service, where it's passed to the
    # tripleo-ansible/tripleo_firewall role. This present service is therefore
    # just a way to pass over values for proper masquerade.
    value:
      service_name: masquerade_networks
      ansible_group_vars:
        tripleo_masquerade_networks: {get_param: MasqueradeNetworks }