Browse Source

[US:349446] Adding capabilites for reading policy.yaml file.

Change-Id: I202a98d37988d57e0f09e15200d719f9111231d3
changes/98/617698/21
Rahul Khiyani 7 months ago
parent
commit
e7f61a12fa

+ 2
- 0
charts/promenade/templates/configmap-etc.yaml View File

@@ -55,4 +55,6 @@ data:
55 55
 {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
56 56
   promenade.conf: |+
57 57
 {{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | indent 4 }}
58
+  policy.yaml: |+
59
+{{ toYaml .Values.conf.policy | indent 4 }}
58 60
 {{- end }}

+ 3
- 0
charts/promenade/templates/deployment-api.yaml View File

@@ -86,6 +86,9 @@ spec:
86 86
               readOnly: true
87 87
             - name: cache
88 88
               mountPath: /tmp/cache
89
+            - name: promenade-etc
90
+              mountpath: /etc/promenade/policy.yaml
91
+              subPath: policy.yaml
89 92
       volumes:
90 93
         - name: promenade-etc
91 94
           configMap:

+ 10
- 0
charts/promenade/values.yaml View File

@@ -18,6 +18,16 @@ conf:
18 18
       delay_auth_decision: true
19 19
       auth_type: password
20 20
       auth_section: keystone_authtoken
21
+    oslo_policy:
22
+      policy_file: policy.yaml
23
+      policy_default_rule: admin_required
24
+      policy_dirs: policy.d
25
+
26
+  policy:
27
+    admin_required: 'role:admin or is_admin:1'
28
+    'kubernetes_provisioner:get_join_scripts': 'rule:admin_required'
29
+    'kubernetes_provisioner:post_validatedesign': 'rule:admin_required'
30
+    'kubernetes_provisioner:update_node_labels': 'rule:admin_required'
21 31
 
22 32
   paste:
23 33
     pipeline:main:

Loading…
Cancel
Save