Merge "Changing all policies to yaml format"

2021-06-02 17:08:10 +00:00 · 2021-06-02 17:08:10 +00:00 · 4e8a843222
parent 5ff0afcb0d 8ab6013409
commit 4e8a843222
85 changed files with 136 additions and 99 deletions
--- a/aodh/Chart.yaml
+++ b/aodh/Chart.yaml
@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: Openstack-Helm Aodh
 name: aodh
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/aodh/latest/
 sources:
  - https://opendev.org/openstack/aodh
--- a/aodh/templates/configmap-etc.yaml
+++ b/aodh/templates/configmap-etc.yaml
@ -115,6 +115,6 @@ data:
  aodh.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.aodh | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_aodh "key" "wsgi-aodh.conf" "format" "Secret" ) | indent 2 }}
 {{- end }}
--- a/aodh/templates/deployment-api.yaml
+++ b/aodh/templates/deployment-api.yaml
@ -97,8 +97,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: aodh-etc
-              mountPath: /etc/aodh/policy.json
-              subPath: policy.json
+              mountPath: /etc/aodh/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: aodh-etc
              mountPath: /etc/apache2/conf-enabled/wsgi-aodh.conf
--- a/aodh/templates/deployment-evaluator.yaml
+++ b/aodh/templates/deployment-evaluator.yaml
@ -84,8 +84,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: aodh-etc
-              mountPath: /etc/aodh/policy.json
-              subPath: policy.json
+              mountPath: /etc/aodh/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: aodh-bin
              mountPath: /tmp/aodh-evaluator.sh
--- a/aodh/templates/deployment-listener.yaml
+++ b/aodh/templates/deployment-listener.yaml
@ -84,8 +84,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: aodh-etc
-              mountPath: /etc/aodh/policy.json
-              subPath: policy.json
+              mountPath: /etc/aodh/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: aodh-bin
              mountPath: /tmp/aodh-listener.sh
--- a/aodh/templates/deployment-notifier.yaml
+++ b/aodh/templates/deployment-notifier.yaml
@ -84,8 +84,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: aodh-etc
-              mountPath: /etc/aodh/policy.json
-              subPath: policy.json
+              mountPath: /etc/aodh/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: aodh-bin
              mountPath: /tmp/aodh-notifier.sh
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@ -463,6 +463,8 @@ conf:
      log_config_append: /etc/aodh/logging.conf
    oslo_middleware:
      enable_proxy_headers_parsing: true
+    oslo_policy:
+      policy_file: /etc/aodh/policy.yaml
    database:
      alarm_history_time_to_live: 86400
      max_retries: -1
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@ -93,6 +93,6 @@ data:
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
  api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
  barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }}
 {{- end }}
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@ -101,8 +101,8 @@ spec:
              subPath: barbican-api-paste.ini
              readOnly: true
            - name: barbican-etc
-              mountPath: /etc/barbican/policy.json
-              subPath: policy.json
+              mountPath: /etc/barbican/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: barbican-bin
              mountPath: /tmp/barbican.sh
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -464,6 +464,8 @@ conf:
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
      bind_port: null
+    oslo_policy:
+      policy_file: /etc/barbican/policy.yaml
  logging:
    loggers:
      keys:
--- a/ceilometer/Chart.yaml
+++ b/ceilometer/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceilometer
 name: ceilometer
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/ceilometer/latest/
 sources:
  - https://opendev.org/openstack/ceilometer
--- a/ceilometer/templates/configmap-etc.yaml
+++ b/ceilometer/templates/configmap-etc.yaml
@ -117,7 +117,7 @@ data:
  rally_tests.yaml: {{ toYaml .Values.conf.rally_tests | b64enc }}
  ceilometer.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ceilometer | b64enc }}
  api_paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
  api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
  event_pipeline.yaml: {{ toYaml .Values.conf.event_pipeline | b64enc }}
  pipeline.yaml: {{ toYaml .Values.conf.pipeline | b64enc }}
--- a/ceilometer/templates/daemonset-compute.yaml
+++ b/ceilometer/templates/daemonset-compute.yaml
@ -73,8 +73,8 @@ spec:
              subPath: api_paste.ini
              readOnly: true
            - name: ceilometer-etc
-              mountPath: /etc/ceilometer/policy.json
-              subPath: policy.json
+              mountPath: /etc/ceilometer/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: ceilometer-etc
              mountPath: /etc/ceilometer/event_definitions.yaml
--- a/ceilometer/templates/daemonset-ipmi.yaml
+++ b/ceilometer/templates/daemonset-ipmi.yaml
@ -75,8 +75,8 @@ spec:
              subPath: api_paste.ini
              readOnly: true
            - name: ceilometer-etc
-              mountPath: /etc/ceilometer/policy.json
-              subPath: policy.json
+              mountPath: /etc/ceilometer/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: ceilometer-etc
              mountPath: /etc/ceilometer/event_definitions.yaml
--- a/ceilometer/templates/deployment-api.yaml
+++ b/ceilometer/templates/deployment-api.yaml
@ -85,8 +85,8 @@ spec:
              subPath: api_paste.ini
              readOnly: true
            - name: ceilometer-etc
-              mountPath: /etc/ceilometer/policy.json
-              subPath: policy.json
+              mountPath: /etc/ceilometer/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: ceilometer-etc
              mountPath: /etc/ceilometer/api_audit_map.conf
--- a/ceilometer/templates/deployment-central.yaml
+++ b/ceilometer/templates/deployment-central.yaml
@ -71,8 +71,8 @@ spec:
              subPath: api_paste.ini
              readOnly: true
            - name: ceilometer-etc
-              mountPath: /etc/ceilometer/policy.json
-              subPath: policy.json
+              mountPath: /etc/ceilometer/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: ceilometer-etc
              mountPath: /etc/ceilometer/event_definitions.yaml
--- a/ceilometer/templates/deployment-collector.yaml
+++ b/ceilometer/templates/deployment-collector.yaml
@ -71,8 +71,8 @@ spec:
              subPath: api_paste.ini
              readOnly: true
            - name: ceilometer-etc
-              mountPath: /etc/ceilometer/policy.json
-              subPath: policy.json
+              mountPath: /etc/ceilometer/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: ceilometer-etc
              mountPath: /etc/ceilometer/event_definitions.yaml
--- a/ceilometer/templates/deployment-notification.yaml
+++ b/ceilometer/templates/deployment-notification.yaml
@ -71,8 +71,8 @@ spec:
              subPath: api_paste.ini
              readOnly: true
            - name: ceilometer-etc
-              mountPath: /etc/ceilometer/policy.json
-              subPath: policy.json
+              mountPath: /etc/ceilometer/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: ceilometer-etc
              mountPath: /etc/ceilometer/event_definitions.yaml
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@ -208,6 +208,8 @@ conf:
      topics:
        - notifications
        - profiler
+    oslo_policy:
+      policy_file: /etc/ceilometer/policy.yaml
    cache:
      enabled: true
      backend: dogpile.cache.memcached
--- a/designate/Chart.yaml
+++ b/designate/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Designate
 name: designate
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/designate/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg
 sources:
--- a/designate/templates/configmap-etc.yaml
+++ b/designate/templates/configmap-etc.yaml
@ -74,7 +74,7 @@ type: Opaque
 data:
  designate.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.designate | b64enc }}
  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-  policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.pools "key" "pools.yaml" "format" "Secret" ) | indent 2 }}

--- a/designate/templates/deployment-api.yaml
+++ b/designate/templates/deployment-api.yaml
@ -87,8 +87,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: designate-etc
-              mountPath: /etc/designate/policy.json
-              subPath: policy.json
+              mountPath: /etc/designate/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            {{- if .Values.conf.designate.DEFAULT.log_config_append }}
            - name: designate-etc
--- a/designate/templates/deployment-central.yaml
+++ b/designate/templates/deployment-central.yaml
@ -74,8 +74,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: designate-etc
-              mountPath: /etc/designate/policy.json
-              subPath: policy.json
+              mountPath: /etc/designate/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            {{- if .Values.conf.designate.DEFAULT.log_config_append }}
            - name: designate-etc
--- a/designate/templates/deployment-mdns.yaml
+++ b/designate/templates/deployment-mdns.yaml
@ -85,8 +85,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: designate-etc
-              mountPath: /etc/designate/policy.json
-              subPath: policy.json
+              mountPath: /etc/designate/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            {{- if .Values.conf.designate.DEFAULT.log_config_append }}
            - name: designate-etc
--- a/designate/templates/deployment-producer.yaml
+++ b/designate/templates/deployment-producer.yaml
@ -74,8 +74,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: designate-etc
-              mountPath: /etc/designate/policy.json
-              subPath: policy.json
+              mountPath: /etc/designate/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            {{- if .Values.conf.designate.DEFAULT.log_config_append }}
            - name: designate-etc
--- a/designate/templates/deployment-sink.yaml
+++ b/designate/templates/deployment-sink.yaml
@ -70,8 +70,8 @@ spec:
              subPath: designate.conf
              readOnly: true
            - name: designate-etc
-              mountPath: /etc/designate/policy.json
-              subPath: policy.json
+              mountPath: /etc/designate/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            {{- if .Values.conf.designate.DEFAULT.log_config_append }}
            - name: designate-etc
--- a/designate/templates/deployment-worker.yaml
+++ b/designate/templates/deployment-worker.yaml
@ -99,8 +99,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: designate-etc
-              mountPath: /etc/designate/policy.json
-              subPath: policy.json
+              mountPath: /etc/designate/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            {{- if .Values.conf.designate.DEFAULT.log_config_append }}
            - name: designate-etc
--- a/designate/values.yaml
+++ b/designate/values.yaml
@ -562,6 +562,8 @@ conf:
      notify: false
    oslo_middleware:
      enable_proxy_headers_parsing: true
+    oslo_policy:
+      policy_file: /etc/designate/policy.yaml
    database:
      max_retries: -1
    storage:sqlalchemy:
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.2.2
+version: 0.2.3
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@ -195,7 +195,7 @@ data:
  glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
  glance-registry.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_registry | b64enc }}
  glance-registry-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste_registry | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
  api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
 {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }}
 {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@ -194,8 +194,8 @@ spec:
              subPath: glance-api-paste.ini
              readOnly: true
            - name: glance-etc
-              mountPath: /etc/glance/policy.json
-              subPath: policy.json
+              mountPath: /etc/glance/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: glance-etc
              mountPath: /etc/glance/api_audit_map.conf
--- a/glance/templates/deployment-registry.yaml
+++ b/glance/templates/deployment-registry.yaml
@ -105,8 +105,8 @@ spec:
              subPath: glance-registry-paste.ini
              readOnly: true
            - name: glance-etc
-              mountPath: /etc/glance/policy.json
-              subPath: policy.json
+              mountPath: /etc/glance/policy.yaml
+              subPath: policy.yaml
              readOnly: true
 {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image_registry.api.internal "path" "/etc/glance/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
 {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -284,6 +284,8 @@ conf:
      driver: messagingv2
    oslo_messaging_rabbit:
      rabbit_ha_queues: true
+    oslo_policy:
+      policy_file: /etc/glance/policy.yaml
    cors: {}
  logging:
    loggers:
--- a/heat/Chart.yaml
+++ b/heat/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.2.1
+version: 0.2.2
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@ -140,7 +140,7 @@ data:
  heat.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.heat | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- if .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_heat "key" "wsgi-heat.conf" "format" "Secret" ) | indent 2 }}
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@ -104,8 +104,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: heat-etc
-              mountPath: /etc/heat/policy.json
-              subPath: policy.json
+              mountPath: /etc/heat/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: heat-etc
              mountPath: /etc/heat/api_audit_map.conf
--- a/heat/templates/deployment-cfn.yaml
+++ b/heat/templates/deployment-cfn.yaml
@ -104,8 +104,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: heat-etc
-              mountPath: /etc/heat/policy.json
-              subPath: policy.json
+              mountPath: /etc/heat/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: heat-etc
              mountPath: /etc/heat/api_audit_map.conf
--- a/heat/templates/deployment-cloudwatch.yaml
+++ b/heat/templates/deployment-cloudwatch.yaml
@ -97,8 +97,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: heat-etc
-              mountPath: /etc/heat/policy.json
-              subPath: policy.json
+              mountPath: /etc/heat/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: heat-etc
              mountPath: /etc/heat/api_audit_map.conf
--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@ -96,8 +96,8 @@ spec:
              readOnly: true
            {{ end }}
            - name: heat-etc
-              mountPath: /etc/heat/policy.json
-              subPath: policy.json
+              mountPath: /etc/heat/policy.yaml
+              subPath: policy.yaml
              readOnly: true
 {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
 {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -473,6 +473,8 @@ conf:
      enable_proxy_headers_parsing: true
    oslo_messaging_rabbit:
      rabbit_ha_queues: True
+    oslo_policy:
+      policy_file: /etc/heat/policy.yaml
  api_audit_map:
    DEFAULT:
      target_endpoint_type: None
--- a/horizon/Chart.yaml
+++ b/horizon/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.2.1
+version: 0.2.2
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:
--- a/horizon/templates/configmap-etc.yaml
+++ b/horizon/templates/configmap-etc.yaml
@ -27,6 +27,6 @@ data:
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.security "key" "security.conf" "format" "Secret" ) | indent 2 }}
 {{- end }}
 {{- range $key, $value := .Values.conf.horizon.policy }}
-  {{ printf "%s_policy.json" $key }}: {{ $value | toPrettyJson | b64enc }}
+  {{ printf "%s_policy.yaml" $key }}: {{ $value | toPrettyJson | b64enc }}
 {{- end }}
 {{- end }}
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@ -123,7 +123,7 @@ spec:
              subPath: local_settings
              readOnly: true
            {{- range $key, $value := $envAll.Values.conf.horizon.policy }}
-            {{- $policyFile := printf "/etc/openstack-dashboard/%s_policy.json" $key }}
+            {{- $policyFile := printf "/etc/openstack-dashboard/%s_policy.yaml" $key }}
            - name: horizon-etc
              mountPath: {{ $policyFile }}
              subPath: {{ base $policyFile }}
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@ -631,17 +631,17 @@ conf:
        # OpenStack services are using to determine role based access control in the
        # target installation.

-        # Path to directory containing policy.json files
+        # Path to directory containing policy.yaml files
        POLICY_FILES_PATH = '/etc/openstack-dashboard'
        # Map of local copy of service policy files
        #POLICY_FILES = {
-        #    'identity': 'keystone_policy.json',
-        #    'compute': 'nova_policy.json',
-        #    'volume': 'cinder_policy.json',
-        #    'image': 'glance_policy.json',
-        #    'orchestration': 'heat_policy.json',
-        #    'network': 'neutron_policy.json',
-        #    'telemetry': 'ceilometer_policy.json',
+        #    'identity': 'keystone_policy.yaml',
+        #    'compute': 'nova_policy.yaml',
+        #    'volume': 'cinder_policy.yaml',
+        #    'image': 'glance_policy.yaml',
+        #    'orchestration': 'heat_policy.yaml',
+        #    'network': 'neutron_policy.yaml',
+        #    'telemetry': 'ceilometer_policy.yaml',
        #}

        # Trove user and database extension support. By default support for
--- a/ironic/Chart.yaml
+++ b/ironic/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ironic
 name: ironic
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/ironic/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png
 sources:
--- a/ironic/templates/configmap-etc.yaml
+++ b/ironic/templates/configmap-etc.yaml
@ -203,7 +203,7 @@ type: Opaque
 data:
  ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ironic | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
-  policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file" "format" "Secret" ) | indent 2 }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
 {{- end }}
--- a/ironic/templates/deployment-api.yaml
+++ b/ironic/templates/deployment-api.yaml
@ -131,8 +131,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: ironic-etc
-              mountPath: /etc/ironic/policy.json
-              subPath: policy.json
+              mountPath: /etc/ironic/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
--- a/ironic/templates/statefulset-conductor.yaml
+++ b/ironic/templates/statefulset-conductor.yaml
@ -181,8 +181,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: ironic-etc
-              mountPath: /etc/ironic/policy.json
-              subPath: policy.json
+              mountPath: /etc/ironic/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: host-var-lib-ironic
              mountPath: /var/lib/ironic
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@ -136,6 +136,8 @@ conf:
      auth_type: password
    swift:
      auth_url: null
+    oslo_policy:
+      policy_file: /etc/ironic/policy.yaml
  logging:
    loggers:
      keys:
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.3
+version: 0.2.4
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
--- a/keystone/templates/configmap-etc.yaml
+++ b/keystone/templates/configmap-etc.yaml
@ -54,7 +54,7 @@ data:
  rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
  keystone.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.keystone | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }}
-  policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
  access_rules.json: {{ toJson .Values.conf.access_rules | b64enc }}
  ports.conf: ''
 {{- range $k, $v := .Values.conf.ks_domains }}
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@ -106,8 +106,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: keystone-etc
-              mountPath: /etc/keystone/policy.json
-              subPath: policy.json
+              mountPath: /etc/keystone/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: keystone-etc
              mountPath: /etc/keystone/access_rules.json
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -551,6 +551,8 @@ conf:
      rabbit_ha_queues: true
    oslo_middleware:
      enable_proxy_headers_parsing: true
+    oslo_policy:
+      policy_file: /etc/keystone/policy.yaml
    security_compliance:
      # NOTE(vdrok): The following two options have effect only for SQL backend
      lockout_failure_attempts: 5
--- a/magnum/Chart.yaml
+++ b/magnum/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Magnum
 name: magnum
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/magnum/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png
 sources:
--- a/magnum/templates/configmap-etc.yaml
+++ b/magnum/templates/configmap-etc.yaml
@ -93,5 +93,5 @@ data:
  magnum.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.magnum | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- end }}
--- a/magnum/templates/deployment-api.yaml
+++ b/magnum/templates/deployment-api.yaml
@ -103,8 +103,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: magnum-etc
-              mountPath: /etc/magnum/policy.json
-              subPath: policy.json
+              mountPath: /etc/magnum/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: magnum-lock-path
              mountPath: {{ .Values.conf.magnum.oslo_concurrency.lock_path }}
--- a/magnum/templates/statefulset-conductor.yaml
+++ b/magnum/templates/statefulset-conductor.yaml
@ -99,8 +99,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: magnum-etc
-              mountPath: /etc/magnum/policy.json
-              subPath: policy.json
+              mountPath: /etc/magnum/policy.yaml
+              subPath: policy.yaml
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@ -119,6 +119,8 @@ conf:
      driver: messaging
    oslo_concurrency:
      lock_path: /var/lib/magnum/tmp
+    oslo_policy:
+      policy_file: /etc/magnum/policy.yaml
    certificates:
      cert_manager_type: barbican
    database:
--- a/mistral/Chart.yaml
+++ b/mistral/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Mistral
 name: mistral
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/mistral/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Mistral/OpenStack_Project_Mistral_vertical.png
 sources:
--- a/mistral/templates/configmap-etc.yaml
+++ b/mistral/templates/configmap-etc.yaml
@ -83,7 +83,7 @@ data:
  rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
  mistral.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.mistral | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
-  policy.json: {{ toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- range $key, $value := $envAll.Values.conf.rally_tests.templates }}
  {{ printf "test_template_%d" $key }}: {{ $value.template | b64enc }}
 {{- end }}
--- a/mistral/templates/deployment-api.yaml
+++ b/mistral/templates/deployment-api.yaml
@ -93,8 +93,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: mistral-etc
-              mountPath: /etc/mistral/policy.json
-              subPath: policy.json
+              mountPath: /etc/mistral/policy.yaml
+              subPath: policy.yaml
              readOnly: true
 {{ if $mounts_mistral_api.volumeMounts }}{{ toYaml $mounts_mistral_api.volumeMounts | indent 12 }}{{ end }}
      volumes:
--- a/mistral/values.yaml
+++ b/mistral/values.yaml
@ -468,6 +468,8 @@ conf:
      auth_type: password
      auth_version: v3
      memcache_security_strategy: ENCRYPT
+    oslo_policy:
+      policy_file: /etc/mistral/policy.yaml
  logging:
    loggers:
      keys:
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.2.1
+version: 0.2.2
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -251,7 +251,7 @@ type: Opaque
 data:
  rally_tests.yaml: {{ toYaml $envAll.Values.conf.rally_tests.tests | b64enc }}
  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | b64enc }}
-  policy.json: {{ toJson $envAll.Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml $envAll.Values.conf.policy | b64enc }}
  neutron.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@ -234,8 +234,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: neutron-etc
-              mountPath: /etc/neutron/policy.json
-              subPath: policy.json
+              mountPath: /etc/neutron/policy.yaml
+              subPath: policy.yaml
              readOnly: true
 {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
 {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.internal "path" "/etc/neutron/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1906,6 +1906,8 @@ conf:
      rabbit_ha_queues: true
    oslo_middleware:
      enable_proxy_headers_parsing: true
+    oslo_policy:
+      policy_file: /etc/neutron/policy.yaml
    nova:
      auth_type: password
      auth_version: v3
--- a/releasenotes/notes/aodh.yaml
+++ b/releasenotes/notes/aodh.yaml
@ -3,3 +3,4 @@ aodh:
  - 0.1.0 Initial Chart
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
@ -4,3 +4,4 @@ barbican:
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.1.2 Added post-install and post-upgrade helm hook for Jobs
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/ceilometer.yaml
+++ b/releasenotes/notes/ceilometer.yaml
@ -3,3 +3,4 @@ ceilometer:
  - 0.1.0 Initial Chart
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/designate.yaml
+++ b/releasenotes/notes/designate.yaml
@ -4,3 +4,4 @@ designate:
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.1.2 Added post-install and post-upgrade helm hooks on Jobs
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@ -12,3 +12,4 @@ glance:
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Fix the ceph pool creations for openstack services
  - 0.2.2 Adding rabbitmq TLS logic
+  - 0.2.3 Use policies in yaml format
--- a/releasenotes/notes/heat.yaml
+++ b/releasenotes/notes/heat.yaml
@ -8,3 +8,4 @@ heat:
  - 0.1.5 Change Issuer to ClusterIssuer
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Adding rabbitmq TLS logic
+  - 0.2.2 Use policies in yaml format
--- a/releasenotes/notes/horizon.yaml
+++ b/releasenotes/notes/horizon.yaml
@ -11,4 +11,5 @@ horizon:
  - 0.1.8 Implement "CSRF_COOKIE_HTTPONLY" option support in horizon
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Make python script PEP8 compliant
+  - 0.2.2 Use policies in yaml format
 ...
--- a/releasenotes/notes/ironic.yaml
+++ b/releasenotes/notes/ironic.yaml
@ -4,3 +4,4 @@ ironic:
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.1.2 Added post-install and post-upgrade helm.sh/hook for jobs
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@ -19,4 +19,5 @@ keystone:
  - 0.2.1 Remove paste ini config settings
  - 0.2.2 Make python script PEP8 compliant
  - 0.2.3 Adding rabbitmq TLS logic
+  - 0.2.4 Use policies in yaml format
 ...
--- a/releasenotes/notes/magnum.yaml
+++ b/releasenotes/notes/magnum.yaml
@ -4,3 +4,4 @@ magnum:
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.1.2 Added post-install and post-upgrade helm hook for jobs
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/mistral.yaml
+++ b/releasenotes/notes/mistral.yaml
@ -4,3 +4,4 @@ mistral:
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.1.2 Added post-install and post-upgrade hook for Jobs
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@ -15,3 +15,4 @@ neutron:
  - 0.1.12 Removed "name" parameter from Rally tests
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Adding rabbitmq TLS logic
+  - 0.2.2 Use policies in yaml format
--- a/releasenotes/notes/senlin.yaml
+++ b/releasenotes/notes/senlin.yaml
@ -3,3 +3,4 @@ senlin:
  - 0.1.0 Initial Chart
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.2.0 Remove support for releases before T
+  - 0.2.1 Use policies in yaml format
--- a/senlin/Chart.yaml
+++ b/senlin/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Senlin
 name: senlin
-version: 0.2.0
+version: 0.2.1
 home: https://docs.openstack.org/senlin/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png
 sources:
--- a/senlin/templates/configmap-etc.yaml
+++ b/senlin/templates/configmap-etc.yaml
@ -104,5 +104,5 @@ data:
  senlin.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.senlin | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
-  policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- end }}
--- a/senlin/templates/deployment-api.yaml
+++ b/senlin/templates/deployment-api.yaml
@ -103,8 +103,8 @@ spec:
              subPath: api-paste.ini
              readOnly: true
            - name: senlin-etc
-              mountPath: /etc/senlin/policy.json
-              subPath: policy.json
+              mountPath: /etc/senlin/policy.yaml
+              subPath: policy.yaml
              readOnly: true
 {{ if $mounts_senlin_api.volumeMounts }}{{ toYaml $mounts_senlin_api.volumeMounts | indent 12 }}{{ end }}
      volumes:
--- a/senlin/templates/deployment-engine.yaml
+++ b/senlin/templates/deployment-engine.yaml
@ -78,8 +78,8 @@ spec:
              readOnly: true
            {{- end }}
            - name: senlin-etc
-              mountPath: /etc/senlin/policy.json
-              subPath: policy.json
+              mountPath: /etc/senlin/policy.yaml
+              subPath: policy.yaml
              readOnly: true
 {{ if $mounts_senlin_engine.volumeMounts }}{{ toYaml $mounts_senlin_engine.volumeMounts | indent 12 }}{{ end }}
      volumes:
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@ -179,6 +179,8 @@ conf:
      # NOTE(portdirect): the bind port should not be defined, and is manipulated
      # via the endpoints section.
      bind_port: null
+    oslo_policy:
+      policy_file: /etc/senlin/policy.yaml
  logging:
    loggers:
      keys: