From 91053af09dace8dba65c9e5b72eb7de15fd69522 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Tue, 14 Mar 2017 21:09:11 -0400
Subject: Allow to configure policy.json for OpenStack projects

For both containers and classic deployments, allow to configure
policy.json for all OpenStack APIs with new parameters (hash,
empty by default).

Example of new parameter: NovaApiPolicies.
See environments/nova-api-policy.yaml for how the feature can be used.

Note: use it with extreme caution.

Partial-implement: blueprint modify-policy-json
Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
---
 puppet/services/sahara-api.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'puppet/services/sahara-api.yaml')

diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 96b3d6e3..d9f2115a 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -38,6 +38,12 @@ parameters:
     default:
       tag: openstack.sahara.api
       path: /var/log/sahara/sahara-api.log
+  SaharaApiPolicies:
+    description: |
+      A hash of policies to configure for Sahara API.
+      e.g. { sahara-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
+    default: {}
+    type: json
 
 resources:
   SaharaBase:
@@ -60,6 +66,7 @@ outputs:
         map_merge:
           - get_attr: [SaharaBase, role_data, config_settings]
           - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]}
+            sahara::policy::policies: {get_param: SaharaApiPolicies}
             sahara::service::api::api_workers: {get_param: SaharaWorkers}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
-- 
cgit 1.2.3-korg