Heat: Present policy rules for all services
The policy rules are used not only by heat-api but also by heat-api-cfn and heat-engine. This change ensures the policy rules defined by the HeatApiPolicies parameter is rendered into hieradata in the node where these heat services are running, even if these services run on separate nodes. Backport note: This backport additionally removes the HeatApiPolicies parameter from heat-api, because stable/wallaby and older releases do not have [1]. [1]f63176e97a
Change-Id: Ic278c69110d427118c5ff9b4bddc72493434154a Closes-Bug: #1983342 Depends-on: https://review.opendev.org/861128 (cherry picked from commitd503ee5fc9
) (cherry picked from commit69bdb2d6b6
)
This commit is contained in:
parent
dae1f19d20
commit
ef6bdb3128
|
@ -68,12 +68,6 @@ parameters:
|
|||
MonitoringSubscriptionHeatApi:
|
||||
default: 'overcloud-heat-api'
|
||||
type: string
|
||||
HeatApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Heat API.
|
||||
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
HeatStackDomainAdminPassword:
|
||||
description: Password for heat_stack_domain_admin user.
|
||||
type: string
|
||||
|
@ -158,7 +152,6 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, HeatApiNetwork]}
|
||||
heat::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
|
||||
heat::wsgi::apache_api::vhost_custom_fragment: 'Timeout 600'
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::api::service_name: 'httpd'
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
|
||||
# for the given network; replacement examples (eg. for internal_api):
|
||||
|
|
|
@ -145,6 +145,12 @@ parameters:
|
|||
description: |
|
||||
Use the advanced (eventlet safe) memcached client pool.
|
||||
default: true
|
||||
HeatApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Heat API.
|
||||
e.g. { heat-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals : [{get_param: HeatDebug}, '']}
|
||||
|
@ -172,6 +178,7 @@ outputs:
|
|||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: HeatDebug }
|
||||
heat::policy::policies: {get_param: HeatApiPolicies}
|
||||
heat::enable_proxy_headers_parsing: true
|
||||
heat::rpc_response_timeout: 600
|
||||
heat::rabbit_heartbeat_timeout_threshold: 60
|
||||
|
|
Loading…
Reference in New Issue