From 91053af09dace8dba65c9e5b72eb7de15fd69522 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 14 Mar 2017 21:09:11 -0400 Subject: Allow to configure policy.json for OpenStack projects For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95 --- puppet/services/ceilometer-api.yaml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/services/ceilometer-api.yaml') diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index f5ee9d40..ba94b451 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -29,6 +29,12 @@ parameters: EnableInternalTLS: type: boolean default: false + CeilometerApiPolicies: + description: | + A hash of policies to configure for Ceilometer API. + e.g. { ceilometer-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json resources: CeilometerServiceBase: @@ -78,6 +84,7 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + ceilometer::policy::policies: {get_param: CeilometerApiPolicies} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::ssl: {get_param: EnableInternalTLS} ceilometer::wsgi::apache::servername: -- cgit 1.2.3-korg