airship/promenade
Code Issues Proposed changes

[US:349446] Adding capabilites for reading policy.yaml file.

Browse Source 
Change-Id: I202a98d37988d57e0f09e15200d719f9111231d3
This commit is contained in:
Rahul Khiyani 2018-11-13 10:29:48 -05:00
parent 16744e5c75
commit e7f61a12fa
3 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/promenade/templates/configmap-etc.yaml
View File

@ -55,4 +55,6 @@ data:
{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
promenade.conf: |+ promenade.conf: |+
{{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | indent 4 }} {{ include "helm-toolkit.utils.to_ini" .Values.conf.promenade | indent 4 }}
policy.yaml: |+
{{ toYaml .Values.conf.policy | indent 4 }}
{{- end }} {{- end }}

3
charts/promenade/templates/deployment-api.yaml
View File

@ -86,6 +86,9 @@ spec:
readOnly: true readOnly: true
- name: cache - name: cache
mountPath: /tmp/cache mountPath: /tmp/cache
- name: promenade-etc
mountpath: /etc/promenade/policy.yaml
subPath: policy.yaml
volumes: volumes:
- name: promenade-etc - name: promenade-etc
configMap: configMap:

10
charts/promenade/values.yaml
View File

@ -18,6 +18,16 @@ conf:
delay_auth_decision: true delay_auth_decision: true
auth_type: password auth_type: password
auth_section: keystone_authtoken auth_section: keystone_authtoken
oslo_policy:
policy_file: policy.yaml
policy_default_rule: admin_required
policy_dirs: policy.d
policy:
admin_required: 'role:admin or is_admin:1'
'kubernetes_provisioner:get_join_scripts': 'rule:admin_required'
'kubernetes_provisioner:post_validatedesign': 'rule:admin_required'
'kubernetes_provisioner:update_node_labels': 'rule:admin_required'
paste: paste:
pipeline:main: pipeline:main: