c9635bf92e
This commit adds a tool that parses a directory of service.yaml policy files and then converts them to the appropriate THT structure, using the necessary service variables and templating. The enable-secure-rbac.yaml is simply the current defaults generated from code. First, generate all the policy files for each OpenStack service: $ oslopolicy-sample-generator --namespace $SERVICE --output-file $DEST/$SERVICE.yaml Next, uncomment all the default policies as a starting point for making policy changes: $ sed -i 's/^#"/"/g' $DEST/$SERVICE.yaml Next you can make changes to the policy files to reflect the changes you want in your deployment. Finally, you can generate the necessary heat template: $ ./convert_policy_yaml_to_heat_template.py -d $DEST The tool outputs to stdout. It's up to the user to redirect to a file if they wish to save results. The enable-secure-rbac.yaml environment will be updated in subsequent patches to implement project personas. Change-Id: I9957243d307758f56b84cde3a408006d8161fa41 |
||
|---|---|---|
| .. | ||
| tests | ||
| __init__.py | ||
| check-up-to-date.sh | ||
| convert_heat_nic_config_to_ansible_j2.py | ||
| convert_nic_config.py | ||
| convert_policy_yaml_to_heat_template.py | ||
| convert_v1_net_data.py | ||
| make_ceph_disk_list.py | ||
| merge-new-params-nic-config-script.py | ||
| process-templates.py | ||
| releasenotes_tox.sh | ||
| render-ansible-tasks.py | ||
| roles-data-generate-samples.sh | ||
| roles-data-generate.py | ||
| roles-data-validation.sh | ||
| yaml-diff.py | ||
| yaml-validate.py | ||