From 7b18c0ecbbd55835dd3225e0f46a8932627f0312 Mon Sep 17 00:00:00 2001 From: Pedro Almeida Date: Wed, 1 Dec 2021 11:47:01 -0300 Subject: [PATCH] Update on enhanced-policies README This is a small update to include a message to warn that these overrides should not be used separately. Also including the --reuse-values parameter. This makes sure that it keeps the current configuration, adding the new override values. Closes-Bug: #1953056 Signed-off-by: Pedro Almeida Change-Id: I0e3595d4bc9839a3e4246a206192018b927f2c5a --- enhanced-policies/README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/enhanced-policies/README.md b/enhanced-policies/README.md index 0ca31c04..2b0ff4d2 100644 --- a/enhanced-policies/README.md +++ b/enhanced-policies/README.md @@ -3,6 +3,7 @@ Enhanced Policies This repository aims to provide enhanced policies for stx-openstack. +It's important that all the overrides files get applied, some of the rules present in a policy from one service might depend on other services to work (e.g. nova commands might depend on glance/cinder/neutron permissions). They should not be used separately. |Design|Roles|Permissions summary| |:-------------|-------------|:-----| @@ -73,12 +74,12 @@ Make sure you have access to the Openstack CLI, follow the instructions on [this ``` source /etc/platform/openrc - system helm-override-update stx-openstack keystone openstack --values=rbac/keystone-policy-overrides.yml - system helm-override-update stx-openstack cinder openstack --values=rbac/cinder-policy-overrides.yml - system helm-override-update stx-openstack nova openstack --values=rbac/nova-policy-overrides.yml - system helm-override-update stx-openstack neutron openstack --values=rbac/neutron-policy-overrides.yml - system helm-override-update stx-openstack glance openstack --values=rbac/glance-policy-overrides.yml - system helm-override-update stx-openstack horizon openstack --values=rbac/horizon-policy-overrides.yml + system helm-override-update stx-openstack keystone openstack --reuse-values --values=rbac/keystone-policy-overrides.yml + system helm-override-update stx-openstack cinder openstack --reuse-values --values=rbac/cinder-policy-overrides.yml + system helm-override-update stx-openstack nova openstack --reuse-values --values=rbac/nova-policy-overrides.yml + system helm-override-update stx-openstack neutron openstack --reuse-values --values=rbac/neutron-policy-overrides.yml + system helm-override-update stx-openstack glance openstack --reuse-values --values=rbac/glance-policy-overrides.yml + system helm-override-update stx-openstack horizon openstack --reuse-values --values=rbac/horizon-policy-overrides.yml system application-apply stx-openstack ```