c9635bf92e
This commit adds a tool that parses a directory of service.yaml policy files and then converts them to the appropriate THT structure, using the necessary service variables and templating. The enable-secure-rbac.yaml is simply the current defaults generated from code. First, generate all the policy files for each OpenStack service: $ oslopolicy-sample-generator --namespace $SERVICE --output-file $DEST/$SERVICE.yaml Next, uncomment all the default policies as a starting point for making policy changes: $ sed -i 's/^#"/"/g' $DEST/$SERVICE.yaml Next you can make changes to the policy files to reflect the changes you want in your deployment. Finally, you can generate the necessary heat template: $ ./convert_policy_yaml_to_heat_template.py -d $DEST The tool outputs to stdout. It's up to the user to redirect to a file if they wish to save results. The enable-secure-rbac.yaml environment will be updated in subsequent patches to implement project personas. Change-Id: I9957243d307758f56b84cde3a408006d8161fa41 |
||
---|---|---|
.. | ||
tests | ||
__init__.py | ||
check-up-to-date.sh | ||
convert_heat_nic_config_to_ansible_j2.py | ||
convert_nic_config.py | ||
convert_policy_yaml_to_heat_template.py | ||
convert_v1_net_data.py | ||
make_ceph_disk_list.py | ||
merge-new-params-nic-config-script.py | ||
process-templates.py | ||
releasenotes_tox.sh | ||
render-ansible-tasks.py | ||
roles-data-generate-samples.sh | ||
roles-data-generate.py | ||
roles-data-validation.sh | ||
yaml-diff.py | ||
yaml-validate.py |