Allow customizing policy rules for Placement Api

Conflicts: deployment/placement/placement-api-container-puppet.yaml Depends-on: https://review.opendev.org/801246 Change-Id: I3ec4703f61fbfd1133d28aa327b7f2374670b613 (cherry picked from commit cbd2842dbc)
2021-07-11 12:37:10 +09:00 · 2021-07-11 12:37:10 +09:00 · 08b3921d9f
commit 08b3921d9f
parent 5a4ddb24a5
2 changed files with 11 additions and 0 deletions
--- a/deployment/placement/placement-api-container-puppet.yaml
+++ b/deployment/placement/placement-api-container-puppet.yaml
@ -100,6 +100,12 @@ parameters:
    default: false
    description: Set to True to enable debugging Placement services.
    type: boolean
+  PlacementPolicies:
+    description: |
+      A hash of policies to configure for Placement API.
+      e.g. { nova-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json

 conditions:
  placement_workers_zero: {equals : [{get_param: PlacementWorkers}, 0]}
@ -173,6 +179,7 @@ outputs:
              - {get_param: Debug}
            placement::policy::enforce_new_defaults: {get_param: EnforceSecureRbac}
            placement::policy::enforce_scope: {get_param: EnforceSecureRbac}
+            placement::policy::policies: {get_param: PlacementPolicies}
            placement::wsgi::apache::api_port: '8778'
            placement::wsgi::apache::ssl: {get_param: EnableInternalTLS}
            # NOTE: bind IP is found in hiera replacing the network name with the local node IP
--- a/releasenotes/notes/placement-policies-db2704ea63d0bdad.yaml
+++ b/releasenotes/notes/placement-policies-db2704ea63d0bdad.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``PlacementPolicies`` parameter has been added.