Heat: Present policy rules for all services
The policy rules are used not only by heat-api but also by heat-api-cfn and heat-engine. This change ensures the policy rules defined by the HeatApiPolicies parameter is rendered into hieradata in the node where these heat services are running, even if these services run on separate nodes. Change-Id: Ic278c69110d427118c5ff9b4bddc72493434154a Closes-Bug: #1983342 Depends-on: https://review.opendev.org/851803
This commit is contained in:
parent
17744f46db
commit
d503ee5fc9
|
@ -193,7 +193,6 @@ outputs:
|
|||
heat::wsgi::apache_api::access_log_format: 'forwarded'
|
||||
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
heat::wsgi::apache_api::vhost_custom_fragment: 'Timeout 600'
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
|
|
|
@ -144,6 +144,12 @@ parameters:
|
|||
description: |
|
||||
Use the advanced (eventlet safe) memcached client pool.
|
||||
default: true
|
||||
HeatApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Heat API.
|
||||
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
EnforceSecureRbac:
|
||||
type: boolean
|
||||
default: false
|
||||
|
@ -184,6 +190,7 @@ outputs:
|
|||
- {get_param: HeatDebug}
|
||||
- true
|
||||
- {get_param: Debug}
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::enable_proxy_headers_parsing: true
|
||||
heat::rpc_response_timeout: {get_param: HeatRpcResponseTimeout}
|
||||
heat::rabbit_heartbeat_timeout_threshold: 60
|
||||
|
|
Loading…
Reference in New Issue