From 91053af09dace8dba65c9e5b72eb7de15fd69522 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Tue, 14 Mar 2017 21:09:11 -0400
Subject: Allow to configure policy.json for OpenStack projects

For both containers and classic deployments, allow to configure
policy.json for all OpenStack APIs with new parameters (hash,
empty by default).

Example of new parameter: NovaApiPolicies.
See environments/nova-api-policy.yaml for how the feature can be used.

Note: use it with extreme caution.

Partial-implement: blueprint modify-policy-json
Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
---
 puppet/services/octavia-api.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'puppet/services/octavia-api.yaml')

diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml
index 909a3030..2f898a67 100644
--- a/puppet/services/octavia-api.yaml
+++ b/puppet/services/octavia-api.yaml
@@ -34,6 +34,12 @@ parameters:
     default:
       tag: openstack.octavia.api
       path: /var/log/octavia/api.log
+  OctaviaApiPolicies:
+    description: |
+      A hash of policies to configure for Octavia API.
+      e.g. { octavia-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
 
@@ -57,6 +63,7 @@ outputs:
         map_merge:
           - get_attr: [OctaviaBase, role_data, config_settings]
           - octavia::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            octavia::policy::policies: {get_param: OctaviaApiPolicies}
             octavia::db::database_connection:
               list_join:
                 - ''
-- 
cgit 1.2.3-korg