Horizon: Manage policy files
This change enables management of policy files for Horizon so that customized policy rules are injected into horizon policy files in addition to service policy files. Depends-on: https://review.opendev.org/823890 Change-Id: I00ca1f4da82cdc25737f462fa024e31316216c12
This commit is contained in:
parent
2a27e8bdbb
commit
f63176e97a
|
@ -221,6 +221,8 @@ outputs:
|
|||
cinder::db::mysql::user: cinder
|
||||
cinder::db::mysql::host: '%'
|
||||
cinder::db::mysql::dbname: cinder
|
||||
horizon:
|
||||
horizon::policy::cinder_policies: {get_param: CinderApiPolicies}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: cinder
|
||||
|
|
|
@ -635,6 +635,8 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_glance_api:
|
||||
- {get_param: GlanceApiLoggingSource}
|
||||
horizon:
|
||||
horizon::policy::glance_policies: {get_param: GlanceApiPolicies}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: glance_api
|
||||
|
|
|
@ -181,6 +181,8 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_heat_api:
|
||||
- {get_param: HeatApiLoggingSource}
|
||||
horizon:
|
||||
horizon::dashboards::heat::policies: {get_param: HeatApiPolicies}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: heat_api
|
||||
|
|
|
@ -674,10 +674,12 @@ outputs:
|
|||
keystone::endpoint::region: {get_param: KeystoneRegion}
|
||||
keystone::admin_password: {get_param: AdminPassword}
|
||||
horizon:
|
||||
if:
|
||||
- {get_param: KeystoneLDAPDomainEnable}
|
||||
- horizon::keystone_multidomain_support: true
|
||||
horizon::keystone_default_domain: 'Default'
|
||||
map_merge:
|
||||
- if:
|
||||
- {get_param: KeystoneLDAPDomainEnable}
|
||||
- horizon::keystone_multidomain_support: true
|
||||
horizon::keystone_default_domain: 'Default'
|
||||
- horizon::policy::keystone_policies: {get_param: KeystonePolicies}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: keystone
|
||||
|
|
|
@ -48,6 +48,12 @@ parameters:
|
|||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
ManilaApiPolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Manila API.
|
||||
e.g. { manila-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
||||
default: {}
|
||||
type: json
|
||||
MonitoringSubscriptionManilaApi:
|
||||
default: 'overcloud-manila-api'
|
||||
type: string
|
||||
|
@ -207,6 +213,7 @@ outputs:
|
|||
manila::api::service_name: 'httpd'
|
||||
manila::api::enable_proxy_headers_parsing: true
|
||||
manila::api::default_share_type: 'default'
|
||||
manila::api::policies: {get_param: ManilaApiPolicies}
|
||||
manila_enabled_share_protocols: {get_param: ManilaEnabledShareProtocols}
|
||||
manila::cron::db_purge::minute: {get_param: ManilaCronDbPurgeMinute}
|
||||
manila::cron::db_purge::hour: {get_param: ManilaCronDbPurgeHour}
|
||||
|
@ -224,7 +231,11 @@ outputs:
|
|||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, ManilaApiNetwork]}
|
||||
manila::wsgi::apache::workers: {get_param: ManilaWorkers}
|
||||
service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- {get_attr: [ManilaBase, role_data, service_config_settings]}
|
||||
- horizon:
|
||||
horizon::dashboard::manila::policies: {get_param: ManilaApiPolicies}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: manila
|
||||
|
|
|
@ -434,7 +434,8 @@ outputs:
|
|||
neutron::db::mysql::user: neutron
|
||||
neutron::db::mysql::host: '%'
|
||||
neutron::db::mysql::dbname: ovs_neutron
|
||||
|
||||
horizon:
|
||||
horizon::policy::neutron_policies: {get_param: NeutronApiPolicies}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: neutron
|
||||
|
|
|
@ -409,6 +409,7 @@ outputs:
|
|||
rsyslog:
|
||||
tripleo_logging_sources_nova_api:
|
||||
- {get_param: NovaApiLoggingSource}
|
||||
horizon: {get_attr: [NovaBase, role_data, service_config_settings], horizon}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: nova
|
||||
|
|
|
@ -263,7 +263,7 @@ outputs:
|
|||
nova::policy::enforce_new_defaults: {get_param: EnforceSecureRbac}
|
||||
nova::policy::enforce_scope: {get_param: EnforceSecureRbac}
|
||||
nova::policy::purge_config: true
|
||||
nova::policy::policies:
|
||||
nova::policy::policies: &nova_policies
|
||||
map_merge:
|
||||
- {get_param: NovaApiPolicies}
|
||||
- if:
|
||||
|
@ -296,3 +296,5 @@ outputs:
|
|||
service_config_settings:
|
||||
rabbitmq:
|
||||
nova::rabbit_use_ssl: {get_param: RpcUseSSL}
|
||||
horizon:
|
||||
horizon::policy::nova_policies: *nova_policies
|
||||
|
|
|
@ -231,6 +231,8 @@ outputs:
|
|||
octavia::db::mysql::user: {get_param: OctaviaUserName}
|
||||
octavia::db::mysql::host: '%'
|
||||
octavia::db::mysql::dbname: octavia
|
||||
horizon:
|
||||
octavia::dashboards::heat::policies: {get_param: OctaviaApiPolicies}
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
config_volume: octavia
|
||||
|
|
Loading…
Reference in New Issue