From 8ab6013409fb6f241483ae55b23ee1ecd914fc37 Mon Sep 17 00:00:00 2001 From: Thiago Brito Date: Mon, 17 May 2021 19:16:54 -0300 Subject: [PATCH] Changing all policies to yaml format In the Victoria cycle oslo.policy decided to change all default policies to yaml format. Today on openstack-helm we have a mix of json and yaml on projects and, after having a bad time debugging policies that should have beeing mounted somewhere but was being mounted elsewhere, I'm proposing this change so we can unify the delivery method for all policies across components on yaml (that is supported for quite some time). This will also avoid having problems in the future as the services move from json to yaml. [1] https://specs.openstack.org/openstack/oslo-specs/specs/victoria/policy-json-to-yaml.html Signed-off-by: Thiago Brito Change-Id: Id170bf184e44fd77cd53929d474582022a5b6d4f --- aodh/Chart.yaml | 2 +- aodh/templates/configmap-etc.yaml | 2 +- aodh/templates/deployment-api.yaml | 4 ++-- aodh/templates/deployment-evaluator.yaml | 4 ++-- aodh/templates/deployment-listener.yaml | 4 ++-- aodh/templates/deployment-notifier.yaml | 4 ++-- aodh/values.yaml | 2 ++ barbican/Chart.yaml | 2 +- barbican/templates/configmap-etc.yaml | 2 +- barbican/templates/deployment-api.yaml | 4 ++-- barbican/values.yaml | 2 ++ ceilometer/Chart.yaml | 2 +- ceilometer/templates/configmap-etc.yaml | 2 +- ceilometer/templates/daemonset-compute.yaml | 4 ++-- ceilometer/templates/daemonset-ipmi.yaml | 4 ++-- ceilometer/templates/deployment-api.yaml | 4 ++-- ceilometer/templates/deployment-central.yaml | 4 ++-- ceilometer/templates/deployment-collector.yaml | 4 ++-- .../templates/deployment-notification.yaml | 4 ++-- ceilometer/values.yaml | 2 ++ designate/Chart.yaml | 2 +- designate/templates/configmap-etc.yaml | 2 +- designate/templates/deployment-api.yaml | 4 ++-- designate/templates/deployment-central.yaml | 4 ++-- designate/templates/deployment-mdns.yaml | 4 ++-- designate/templates/deployment-producer.yaml | 4 ++-- designate/templates/deployment-sink.yaml | 4 ++-- designate/templates/deployment-worker.yaml | 4 ++-- designate/values.yaml | 2 ++ glance/Chart.yaml | 2 +- glance/templates/configmap-etc.yaml | 2 +- glance/templates/deployment-api.yaml | 4 ++-- glance/templates/deployment-registry.yaml | 4 ++-- glance/values.yaml | 2 ++ heat/Chart.yaml | 2 +- heat/templates/configmap-etc.yaml | 2 +- heat/templates/deployment-api.yaml | 4 ++-- heat/templates/deployment-cfn.yaml | 4 ++-- heat/templates/deployment-cloudwatch.yaml | 4 ++-- heat/templates/deployment-engine.yaml | 4 ++-- heat/values.yaml | 2 ++ horizon/Chart.yaml | 2 +- horizon/templates/configmap-etc.yaml | 2 +- horizon/templates/deployment.yaml | 2 +- horizon/values.yaml | 16 ++++++++-------- ironic/Chart.yaml | 2 +- ironic/templates/configmap-etc.yaml | 2 +- ironic/templates/deployment-api.yaml | 4 ++-- ironic/templates/statefulset-conductor.yaml | 4 ++-- ironic/values.yaml | 2 ++ keystone/Chart.yaml | 2 +- keystone/templates/configmap-etc.yaml | 2 +- keystone/templates/deployment-api.yaml | 4 ++-- keystone/values.yaml | 2 ++ magnum/Chart.yaml | 2 +- magnum/templates/configmap-etc.yaml | 2 +- magnum/templates/deployment-api.yaml | 4 ++-- magnum/templates/statefulset-conductor.yaml | 4 ++-- magnum/values.yaml | 2 ++ mistral/Chart.yaml | 2 +- mistral/templates/configmap-etc.yaml | 2 +- mistral/templates/deployment-api.yaml | 4 ++-- mistral/values.yaml | 2 ++ neutron/Chart.yaml | 2 +- neutron/templates/configmap-etc.yaml | 2 +- neutron/templates/deployment-server.yaml | 4 ++-- neutron/values.yaml | 2 ++ releasenotes/notes/aodh.yaml | 1 + releasenotes/notes/barbican.yaml | 1 + releasenotes/notes/ceilometer.yaml | 1 + releasenotes/notes/designate.yaml | 1 + releasenotes/notes/glance.yaml | 1 + releasenotes/notes/heat.yaml | 1 + releasenotes/notes/horizon.yaml | 1 + releasenotes/notes/ironic.yaml | 1 + releasenotes/notes/keystone.yaml | 1 + releasenotes/notes/magnum.yaml | 1 + releasenotes/notes/mistral.yaml | 1 + releasenotes/notes/neutron.yaml | 1 + releasenotes/notes/senlin.yaml | 1 + senlin/Chart.yaml | 2 +- senlin/templates/configmap-etc.yaml | 2 +- senlin/templates/deployment-api.yaml | 4 ++-- senlin/templates/deployment-engine.yaml | 4 ++-- senlin/values.yaml | 2 ++ 85 files changed, 136 insertions(+), 99 deletions(-) diff --git a/aodh/Chart.yaml b/aodh/Chart.yaml index 935bf57626..56c2c33758 100644 --- a/aodh/Chart.yaml +++ b/aodh/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: Openstack-Helm Aodh name: aodh -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/aodh/latest/ sources: - https://opendev.org/openstack/aodh diff --git a/aodh/templates/configmap-etc.yaml b/aodh/templates/configmap-etc.yaml index 3a1cd40d8d..103e3f1886 100644 --- a/aodh/templates/configmap-etc.yaml +++ b/aodh/templates/configmap-etc.yaml @@ -115,6 +115,6 @@ data: aodh.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.aodh | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_aodh "key" "wsgi-aodh.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/aodh/templates/deployment-api.yaml b/aodh/templates/deployment-api.yaml index c43c9e0015..c4ae5efd95 100644 --- a/aodh/templates/deployment-api.yaml +++ b/aodh/templates/deployment-api.yaml @@ -97,8 +97,8 @@ spec: subPath: api-paste.ini readOnly: true - name: aodh-etc - mountPath: /etc/aodh/policy.json - subPath: policy.json + mountPath: /etc/aodh/policy.yaml + subPath: policy.yaml readOnly: true - name: aodh-etc mountPath: /etc/apache2/conf-enabled/wsgi-aodh.conf diff --git a/aodh/templates/deployment-evaluator.yaml b/aodh/templates/deployment-evaluator.yaml index 869dcdfb01..b44aae2ef0 100644 --- a/aodh/templates/deployment-evaluator.yaml +++ b/aodh/templates/deployment-evaluator.yaml @@ -84,8 +84,8 @@ spec: readOnly: true {{- end }} - name: aodh-etc - mountPath: /etc/aodh/policy.json - subPath: policy.json + mountPath: /etc/aodh/policy.yaml + subPath: policy.yaml readOnly: true - name: aodh-bin mountPath: /tmp/aodh-evaluator.sh diff --git a/aodh/templates/deployment-listener.yaml b/aodh/templates/deployment-listener.yaml index 27571a9fe1..db137f6a40 100644 --- a/aodh/templates/deployment-listener.yaml +++ b/aodh/templates/deployment-listener.yaml @@ -84,8 +84,8 @@ spec: readOnly: true {{- end }} - name: aodh-etc - mountPath: /etc/aodh/policy.json - subPath: policy.json + mountPath: /etc/aodh/policy.yaml + subPath: policy.yaml readOnly: true - name: aodh-bin mountPath: /tmp/aodh-listener.sh diff --git a/aodh/templates/deployment-notifier.yaml b/aodh/templates/deployment-notifier.yaml index 77ce7fbd91..7ee8d866c1 100644 --- a/aodh/templates/deployment-notifier.yaml +++ b/aodh/templates/deployment-notifier.yaml @@ -84,8 +84,8 @@ spec: readOnly: true {{- end }} - name: aodh-etc - mountPath: /etc/aodh/policy.json - subPath: policy.json + mountPath: /etc/aodh/policy.yaml + subPath: policy.yaml readOnly: true - name: aodh-bin mountPath: /tmp/aodh-notifier.sh diff --git a/aodh/values.yaml b/aodh/values.yaml index e9ac2cb6e1..6ed0434cb4 100644 --- a/aodh/values.yaml +++ b/aodh/values.yaml @@ -463,6 +463,8 @@ conf: log_config_append: /etc/aodh/logging.conf oslo_middleware: enable_proxy_headers_parsing: true + oslo_policy: + policy_file: /etc/aodh/policy.yaml database: alarm_history_time_to_live: 86400 max_retries: -1 diff --git a/barbican/Chart.yaml b/barbican/Chart.yaml index 26a5a354b2..5ae99f94ef 100644 --- a/barbican/Chart.yaml +++ b/barbican/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Barbican name: barbican -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/barbican/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png sources: diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml index a85c120ef9..9a689a1484 100644 --- a/barbican/templates/configmap-etc.yaml +++ b/barbican/templates/configmap-etc.yaml @@ -93,6 +93,6 @@ data: logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }} {{- end }} diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml index 0accd6b7a2..05414c02c3 100644 --- a/barbican/templates/deployment-api.yaml +++ b/barbican/templates/deployment-api.yaml @@ -101,8 +101,8 @@ spec: subPath: barbican-api-paste.ini readOnly: true - name: barbican-etc - mountPath: /etc/barbican/policy.json - subPath: policy.json + mountPath: /etc/barbican/policy.yaml + subPath: policy.yaml readOnly: true - name: barbican-bin mountPath: /tmp/barbican.sh diff --git a/barbican/values.yaml b/barbican/values.yaml index b19ebb2d4e..51b9024457 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -464,6 +464,8 @@ conf: # NOTE(portdirect): the bind port should not be defined, and is manipulated # via the endpoints section. bind_port: null + oslo_policy: + policy_file: /etc/barbican/policy.yaml logging: loggers: keys: diff --git a/ceilometer/Chart.yaml b/ceilometer/Chart.yaml index 24370464cc..48c67d0744 100644 --- a/ceilometer/Chart.yaml +++ b/ceilometer/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceilometer name: ceilometer -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/ceilometer/latest/ sources: - https://opendev.org/openstack/ceilometer diff --git a/ceilometer/templates/configmap-etc.yaml b/ceilometer/templates/configmap-etc.yaml index 4b01adc857..564030f823 100644 --- a/ceilometer/templates/configmap-etc.yaml +++ b/ceilometer/templates/configmap-etc.yaml @@ -117,7 +117,7 @@ data: rally_tests.yaml: {{ toYaml .Values.conf.rally_tests | b64enc }} ceilometer.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ceilometer | b64enc }} api_paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }} event_pipeline.yaml: {{ toYaml .Values.conf.event_pipeline | b64enc }} pipeline.yaml: {{ toYaml .Values.conf.pipeline | b64enc }} diff --git a/ceilometer/templates/daemonset-compute.yaml b/ceilometer/templates/daemonset-compute.yaml index 4191b3b076..d7047381ac 100644 --- a/ceilometer/templates/daemonset-compute.yaml +++ b/ceilometer/templates/daemonset-compute.yaml @@ -73,8 +73,8 @@ spec: subPath: api_paste.ini readOnly: true - name: ceilometer-etc - mountPath: /etc/ceilometer/policy.json - subPath: policy.json + mountPath: /etc/ceilometer/policy.yaml + subPath: policy.yaml readOnly: true - name: ceilometer-etc mountPath: /etc/ceilometer/event_definitions.yaml diff --git a/ceilometer/templates/daemonset-ipmi.yaml b/ceilometer/templates/daemonset-ipmi.yaml index 9c8965df4c..58f0e40b8c 100644 --- a/ceilometer/templates/daemonset-ipmi.yaml +++ b/ceilometer/templates/daemonset-ipmi.yaml @@ -75,8 +75,8 @@ spec: subPath: api_paste.ini readOnly: true - name: ceilometer-etc - mountPath: /etc/ceilometer/policy.json - subPath: policy.json + mountPath: /etc/ceilometer/policy.yaml + subPath: policy.yaml readOnly: true - name: ceilometer-etc mountPath: /etc/ceilometer/event_definitions.yaml diff --git a/ceilometer/templates/deployment-api.yaml b/ceilometer/templates/deployment-api.yaml index 8841e55174..1cc3a2fc54 100644 --- a/ceilometer/templates/deployment-api.yaml +++ b/ceilometer/templates/deployment-api.yaml @@ -85,8 +85,8 @@ spec: subPath: api_paste.ini readOnly: true - name: ceilometer-etc - mountPath: /etc/ceilometer/policy.json - subPath: policy.json + mountPath: /etc/ceilometer/policy.yaml + subPath: policy.yaml readOnly: true - name: ceilometer-etc mountPath: /etc/ceilometer/api_audit_map.conf diff --git a/ceilometer/templates/deployment-central.yaml b/ceilometer/templates/deployment-central.yaml index a2a2bf3d18..12efc64e38 100644 --- a/ceilometer/templates/deployment-central.yaml +++ b/ceilometer/templates/deployment-central.yaml @@ -71,8 +71,8 @@ spec: subPath: api_paste.ini readOnly: true - name: ceilometer-etc - mountPath: /etc/ceilometer/policy.json - subPath: policy.json + mountPath: /etc/ceilometer/policy.yaml + subPath: policy.yaml readOnly: true - name: ceilometer-etc mountPath: /etc/ceilometer/event_definitions.yaml diff --git a/ceilometer/templates/deployment-collector.yaml b/ceilometer/templates/deployment-collector.yaml index 6ef79e7eaa..a5b3117254 100644 --- a/ceilometer/templates/deployment-collector.yaml +++ b/ceilometer/templates/deployment-collector.yaml @@ -71,8 +71,8 @@ spec: subPath: api_paste.ini readOnly: true - name: ceilometer-etc - mountPath: /etc/ceilometer/policy.json - subPath: policy.json + mountPath: /etc/ceilometer/policy.yaml + subPath: policy.yaml readOnly: true - name: ceilometer-etc mountPath: /etc/ceilometer/event_definitions.yaml diff --git a/ceilometer/templates/deployment-notification.yaml b/ceilometer/templates/deployment-notification.yaml index 2d4c911957..1f65ad2121 100644 --- a/ceilometer/templates/deployment-notification.yaml +++ b/ceilometer/templates/deployment-notification.yaml @@ -71,8 +71,8 @@ spec: subPath: api_paste.ini readOnly: true - name: ceilometer-etc - mountPath: /etc/ceilometer/policy.json - subPath: policy.json + mountPath: /etc/ceilometer/policy.yaml + subPath: policy.yaml readOnly: true - name: ceilometer-etc mountPath: /etc/ceilometer/event_definitions.yaml diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index b94c9497b5..a6c1b2c821 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -208,6 +208,8 @@ conf: topics: - notifications - profiler + oslo_policy: + policy_file: /etc/ceilometer/policy.yaml cache: enabled: true backend: dogpile.cache.memcached diff --git a/designate/Chart.yaml b/designate/Chart.yaml index 0ecf601d37..24420edc59 100644 --- a/designate/Chart.yaml +++ b/designate/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Designate name: designate -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/designate/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg sources: diff --git a/designate/templates/configmap-etc.yaml b/designate/templates/configmap-etc.yaml index cc0d270b59..dd1d4a23d5 100644 --- a/designate/templates/configmap-etc.yaml +++ b/designate/templates/configmap-etc.yaml @@ -74,7 +74,7 @@ type: Opaque data: designate.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.designate | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.pools "key" "pools.yaml" "format" "Secret" ) | indent 2 }} diff --git a/designate/templates/deployment-api.yaml b/designate/templates/deployment-api.yaml index be55b92263..43531ec8db 100644 --- a/designate/templates/deployment-api.yaml +++ b/designate/templates/deployment-api.yaml @@ -87,8 +87,8 @@ spec: subPath: api-paste.ini readOnly: true - name: designate-etc - mountPath: /etc/designate/policy.json - subPath: policy.json + mountPath: /etc/designate/policy.yaml + subPath: policy.yaml readOnly: true {{- if .Values.conf.designate.DEFAULT.log_config_append }} - name: designate-etc diff --git a/designate/templates/deployment-central.yaml b/designate/templates/deployment-central.yaml index 34e47ac07d..22cb398480 100644 --- a/designate/templates/deployment-central.yaml +++ b/designate/templates/deployment-central.yaml @@ -74,8 +74,8 @@ spec: subPath: api-paste.ini readOnly: true - name: designate-etc - mountPath: /etc/designate/policy.json - subPath: policy.json + mountPath: /etc/designate/policy.yaml + subPath: policy.yaml readOnly: true {{- if .Values.conf.designate.DEFAULT.log_config_append }} - name: designate-etc diff --git a/designate/templates/deployment-mdns.yaml b/designate/templates/deployment-mdns.yaml index 7a49fa9756..93fe35d9fe 100644 --- a/designate/templates/deployment-mdns.yaml +++ b/designate/templates/deployment-mdns.yaml @@ -85,8 +85,8 @@ spec: subPath: api-paste.ini readOnly: true - name: designate-etc - mountPath: /etc/designate/policy.json - subPath: policy.json + mountPath: /etc/designate/policy.yaml + subPath: policy.yaml readOnly: true {{- if .Values.conf.designate.DEFAULT.log_config_append }} - name: designate-etc diff --git a/designate/templates/deployment-producer.yaml b/designate/templates/deployment-producer.yaml index 381815e687..23ba4a6a22 100644 --- a/designate/templates/deployment-producer.yaml +++ b/designate/templates/deployment-producer.yaml @@ -74,8 +74,8 @@ spec: subPath: api-paste.ini readOnly: true - name: designate-etc - mountPath: /etc/designate/policy.json - subPath: policy.json + mountPath: /etc/designate/policy.yaml + subPath: policy.yaml readOnly: true {{- if .Values.conf.designate.DEFAULT.log_config_append }} - name: designate-etc diff --git a/designate/templates/deployment-sink.yaml b/designate/templates/deployment-sink.yaml index 4d41ae4136..4f8d7a8f21 100644 --- a/designate/templates/deployment-sink.yaml +++ b/designate/templates/deployment-sink.yaml @@ -70,8 +70,8 @@ spec: subPath: designate.conf readOnly: true - name: designate-etc - mountPath: /etc/designate/policy.json - subPath: policy.json + mountPath: /etc/designate/policy.yaml + subPath: policy.yaml readOnly: true {{- if .Values.conf.designate.DEFAULT.log_config_append }} - name: designate-etc diff --git a/designate/templates/deployment-worker.yaml b/designate/templates/deployment-worker.yaml index 1e97c478c5..9c252f55a0 100644 --- a/designate/templates/deployment-worker.yaml +++ b/designate/templates/deployment-worker.yaml @@ -99,8 +99,8 @@ spec: subPath: api-paste.ini readOnly: true - name: designate-etc - mountPath: /etc/designate/policy.json - subPath: policy.json + mountPath: /etc/designate/policy.yaml + subPath: policy.yaml readOnly: true {{- if .Values.conf.designate.DEFAULT.log_config_append }} - name: designate-etc diff --git a/designate/values.yaml b/designate/values.yaml index 3e0026107b..e8f3165f0b 100644 --- a/designate/values.yaml +++ b/designate/values.yaml @@ -562,6 +562,8 @@ conf: notify: false oslo_middleware: enable_proxy_headers_parsing: true + oslo_policy: + policy_file: /etc/designate/policy.yaml database: max_retries: -1 storage:sqlalchemy: diff --git a/glance/Chart.yaml b/glance/Chart.yaml index c0f322725a..d1044b9bfc 100644 --- a/glance/Chart.yaml +++ b/glance/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Glance name: glance -version: 0.2.2 +version: 0.2.3 home: https://docs.openstack.org/glance/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png sources: diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index 32557d1035..97f19fbcac 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -195,7 +195,7 @@ data: glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} glance-registry.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_registry | b64enc }} glance-registry-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste_registry | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }} {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.swift_store "key" "swift-store.conf" "format" "Secret" ) | indent 2 }} {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }} diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index 095065963e..78e1671528 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -194,8 +194,8 @@ spec: subPath: glance-api-paste.ini readOnly: true - name: glance-etc - mountPath: /etc/glance/policy.json - subPath: policy.json + mountPath: /etc/glance/policy.yaml + subPath: policy.yaml readOnly: true - name: glance-etc mountPath: /etc/glance/api_audit_map.conf diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index 6d00585407..f771e01322 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -105,8 +105,8 @@ spec: subPath: glance-registry-paste.ini readOnly: true - name: glance-etc - mountPath: /etc/glance/policy.json - subPath: policy.json + mountPath: /etc/glance/policy.yaml + subPath: policy.yaml readOnly: true {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image_registry.api.internal "path" "/etc/glance/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} diff --git a/glance/values.yaml b/glance/values.yaml index 2d939d243c..87f4b31f5c 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -284,6 +284,8 @@ conf: driver: messagingv2 oslo_messaging_rabbit: rabbit_ha_queues: true + oslo_policy: + policy_file: /etc/glance/policy.yaml cors: {} logging: loggers: diff --git a/heat/Chart.yaml b/heat/Chart.yaml index bb8a02c986..23442f3159 100644 --- a/heat/Chart.yaml +++ b/heat/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Heat name: heat -version: 0.2.1 +version: 0.2.2 home: https://docs.openstack.org/heat/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png sources: diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml index 0b8b3f6102..d5716e1f3a 100644 --- a/heat/templates/configmap-etc.yaml +++ b/heat/templates/configmap-etc.yaml @@ -140,7 +140,7 @@ data: heat.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.heat | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{- if .Values.manifests.certificates }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_heat "key" "wsgi-heat.conf" "format" "Secret" ) | indent 2 }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index 4f78246c71..a17ddaef55 100644 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -104,8 +104,8 @@ spec: subPath: api-paste.ini readOnly: true - name: heat-etc - mountPath: /etc/heat/policy.json - subPath: policy.json + mountPath: /etc/heat/policy.yaml + subPath: policy.yaml readOnly: true - name: heat-etc mountPath: /etc/heat/api_audit_map.conf diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 1a5061d563..9fab9e647f 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -104,8 +104,8 @@ spec: subPath: api-paste.ini readOnly: true - name: heat-etc - mountPath: /etc/heat/policy.json - subPath: policy.json + mountPath: /etc/heat/policy.yaml + subPath: policy.yaml readOnly: true - name: heat-etc mountPath: /etc/heat/api_audit_map.conf diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 8f1849afa8..092feac1e9 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -97,8 +97,8 @@ spec: subPath: api-paste.ini readOnly: true - name: heat-etc - mountPath: /etc/heat/policy.json - subPath: policy.json + mountPath: /etc/heat/policy.yaml + subPath: policy.yaml readOnly: true - name: heat-etc mountPath: /etc/heat/api_audit_map.conf diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml index f4cf496f65..4ae0197bd4 100644 --- a/heat/templates/deployment-engine.yaml +++ b/heat/templates/deployment-engine.yaml @@ -96,8 +96,8 @@ spec: readOnly: true {{ end }} - name: heat-etc - mountPath: /etc/heat/policy.json - subPath: policy.json + mountPath: /etc/heat/policy.yaml + subPath: policy.yaml readOnly: true {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} diff --git a/heat/values.yaml b/heat/values.yaml index 0dc0e00073..4774431ae5 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -473,6 +473,8 @@ conf: enable_proxy_headers_parsing: true oslo_messaging_rabbit: rabbit_ha_queues: True + oslo_policy: + policy_file: /etc/heat/policy.yaml api_audit_map: DEFAULT: target_endpoint_type: None diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml index 6158b8a87d..a3bd61f7e5 100644 --- a/horizon/Chart.yaml +++ b/horizon/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Horizon name: horizon -version: 0.2.1 +version: 0.2.2 home: https://docs.openstack.org/horizon/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png sources: diff --git a/horizon/templates/configmap-etc.yaml b/horizon/templates/configmap-etc.yaml index bbdfe3e20c..0006fae101 100644 --- a/horizon/templates/configmap-etc.yaml +++ b/horizon/templates/configmap-etc.yaml @@ -27,6 +27,6 @@ data: {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.security "key" "security.conf" "format" "Secret" ) | indent 2 }} {{- end }} {{- range $key, $value := .Values.conf.horizon.policy }} - {{ printf "%s_policy.json" $key }}: {{ $value | toPrettyJson | b64enc }} + {{ printf "%s_policy.yaml" $key }}: {{ $value | toPrettyJson | b64enc }} {{- end }} {{- end }} diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index 107cd43ecc..4675da4f31 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -123,7 +123,7 @@ spec: subPath: local_settings readOnly: true {{- range $key, $value := $envAll.Values.conf.horizon.policy }} - {{- $policyFile := printf "/etc/openstack-dashboard/%s_policy.json" $key }} + {{- $policyFile := printf "/etc/openstack-dashboard/%s_policy.yaml" $key }} - name: horizon-etc mountPath: {{ $policyFile }} subPath: {{ base $policyFile }} diff --git a/horizon/values.yaml b/horizon/values.yaml index 703405c5aa..c7b9b502f9 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -631,17 +631,17 @@ conf: # OpenStack services are using to determine role based access control in the # target installation. - # Path to directory containing policy.json files + # Path to directory containing policy.yaml files POLICY_FILES_PATH = '/etc/openstack-dashboard' # Map of local copy of service policy files #POLICY_FILES = { - # 'identity': 'keystone_policy.json', - # 'compute': 'nova_policy.json', - # 'volume': 'cinder_policy.json', - # 'image': 'glance_policy.json', - # 'orchestration': 'heat_policy.json', - # 'network': 'neutron_policy.json', - # 'telemetry': 'ceilometer_policy.json', + # 'identity': 'keystone_policy.yaml', + # 'compute': 'nova_policy.yaml', + # 'volume': 'cinder_policy.yaml', + # 'image': 'glance_policy.yaml', + # 'orchestration': 'heat_policy.yaml', + # 'network': 'neutron_policy.yaml', + # 'telemetry': 'ceilometer_policy.yaml', #} # Trove user and database extension support. By default support for diff --git a/ironic/Chart.yaml b/ironic/Chart.yaml index fe3dd62851..180f00c10d 100644 --- a/ironic/Chart.yaml +++ b/ironic/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ironic name: ironic -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/ironic/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png sources: diff --git a/ironic/templates/configmap-etc.yaml b/ironic/templates/configmap-etc.yaml index 3f9f4e877d..395a2a4c5a 100644 --- a/ironic/templates/configmap-etc.yaml +++ b/ironic/templates/configmap-etc.yaml @@ -203,7 +203,7 @@ type: Opaque data: ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ironic | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file" "format" "Secret" ) | indent 2 }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml index 6a443d5200..76f1565531 100644 --- a/ironic/templates/deployment-api.yaml +++ b/ironic/templates/deployment-api.yaml @@ -131,8 +131,8 @@ spec: readOnly: true {{- end }} - name: ironic-etc - mountPath: /etc/ironic/policy.json - subPath: policy.json + mountPath: /etc/ironic/policy.yaml + subPath: policy.yaml readOnly: true - name: pod-shared mountPath: /tmp/pod-shared diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml index c09c30495f..c427c4e9cf 100644 --- a/ironic/templates/statefulset-conductor.yaml +++ b/ironic/templates/statefulset-conductor.yaml @@ -181,8 +181,8 @@ spec: readOnly: true {{- end }} - name: ironic-etc - mountPath: /etc/ironic/policy.json - subPath: policy.json + mountPath: /etc/ironic/policy.yaml + subPath: policy.yaml readOnly: true - name: host-var-lib-ironic mountPath: /var/lib/ironic diff --git a/ironic/values.yaml b/ironic/values.yaml index cdda0461da..eb29ab7d7f 100644 --- a/ironic/values.yaml +++ b/ironic/values.yaml @@ -136,6 +136,8 @@ conf: auth_type: password swift: auth_url: null + oslo_policy: + policy_file: /etc/ironic/policy.yaml logging: loggers: keys: diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml index 85340b98a4..2cb147f24b 100644 --- a/keystone/Chart.yaml +++ b/keystone/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Keystone name: keystone -version: 0.2.3 +version: 0.2.4 home: https://docs.openstack.org/keystone/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png sources: diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml index 0d7049785e..f37a731f48 100644 --- a/keystone/templates/configmap-etc.yaml +++ b/keystone/templates/configmap-etc.yaml @@ -54,7 +54,7 @@ data: rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} keystone.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.keystone | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} access_rules.json: {{ toJson .Values.conf.access_rules | b64enc }} ports.conf: '' {{- range $k, $v := .Values.conf.ks_domains }} diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml index e1e8c3fba3..4cf9da9edc 100644 --- a/keystone/templates/deployment-api.yaml +++ b/keystone/templates/deployment-api.yaml @@ -106,8 +106,8 @@ spec: readOnly: true {{- end }} - name: keystone-etc - mountPath: /etc/keystone/policy.json - subPath: policy.json + mountPath: /etc/keystone/policy.yaml + subPath: policy.yaml readOnly: true - name: keystone-etc mountPath: /etc/keystone/access_rules.json diff --git a/keystone/values.yaml b/keystone/values.yaml index e825303178..3af080cc3e 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -551,6 +551,8 @@ conf: rabbit_ha_queues: true oslo_middleware: enable_proxy_headers_parsing: true + oslo_policy: + policy_file: /etc/keystone/policy.yaml security_compliance: # NOTE(vdrok): The following two options have effect only for SQL backend lockout_failure_attempts: 5 diff --git a/magnum/Chart.yaml b/magnum/Chart.yaml index 5644dc8ed1..2504db17b9 100644 --- a/magnum/Chart.yaml +++ b/magnum/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Magnum name: magnum -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/magnum/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png sources: diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml index 32959e1cea..466e2ae728 100644 --- a/magnum/templates/configmap-etc.yaml +++ b/magnum/templates/configmap-etc.yaml @@ -93,5 +93,5 @@ data: magnum.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.magnum | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{- end }} diff --git a/magnum/templates/deployment-api.yaml b/magnum/templates/deployment-api.yaml index 2e076dbd1c..fbb43d2489 100644 --- a/magnum/templates/deployment-api.yaml +++ b/magnum/templates/deployment-api.yaml @@ -103,8 +103,8 @@ spec: subPath: api-paste.ini readOnly: true - name: magnum-etc - mountPath: /etc/magnum/policy.json - subPath: policy.json + mountPath: /etc/magnum/policy.yaml + subPath: policy.yaml readOnly: true - name: magnum-lock-path mountPath: {{ .Values.conf.magnum.oslo_concurrency.lock_path }} diff --git a/magnum/templates/statefulset-conductor.yaml b/magnum/templates/statefulset-conductor.yaml index 1a3de8d506..1d7663ff21 100644 --- a/magnum/templates/statefulset-conductor.yaml +++ b/magnum/templates/statefulset-conductor.yaml @@ -99,8 +99,8 @@ spec: readOnly: true {{- end }} - name: magnum-etc - mountPath: /etc/magnum/policy.json - subPath: policy.json + mountPath: /etc/magnum/policy.yaml + subPath: policy.yaml readOnly: true - name: pod-shared mountPath: /tmp/pod-shared diff --git a/magnum/values.yaml b/magnum/values.yaml index c6e6d66aba..66fe791c70 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -119,6 +119,8 @@ conf: driver: messaging oslo_concurrency: lock_path: /var/lib/magnum/tmp + oslo_policy: + policy_file: /etc/magnum/policy.yaml certificates: cert_manager_type: barbican database: diff --git a/mistral/Chart.yaml b/mistral/Chart.yaml index 96e1057688..82db38f108 100644 --- a/mistral/Chart.yaml +++ b/mistral/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Mistral name: mistral -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/mistral/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Mistral/OpenStack_Project_Mistral_vertical.png sources: diff --git a/mistral/templates/configmap-etc.yaml b/mistral/templates/configmap-etc.yaml index 688acf8960..655eb42701 100644 --- a/mistral/templates/configmap-etc.yaml +++ b/mistral/templates/configmap-etc.yaml @@ -83,7 +83,7 @@ data: rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }} mistral.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.mistral | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{- range $key, $value := $envAll.Values.conf.rally_tests.templates }} {{ printf "test_template_%d" $key }}: {{ $value.template | b64enc }} {{- end }} diff --git a/mistral/templates/deployment-api.yaml b/mistral/templates/deployment-api.yaml index baabfe7ecd..138e538779 100644 --- a/mistral/templates/deployment-api.yaml +++ b/mistral/templates/deployment-api.yaml @@ -93,8 +93,8 @@ spec: readOnly: true {{- end }} - name: mistral-etc - mountPath: /etc/mistral/policy.json - subPath: policy.json + mountPath: /etc/mistral/policy.yaml + subPath: policy.yaml readOnly: true {{ if $mounts_mistral_api.volumeMounts }}{{ toYaml $mounts_mistral_api.volumeMounts | indent 12 }}{{ end }} volumes: diff --git a/mistral/values.yaml b/mistral/values.yaml index 32674b7ee1..7210932c15 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -468,6 +468,8 @@ conf: auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT + oslo_policy: + policy_file: /etc/mistral/policy.yaml logging: loggers: keys: diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml index e3b13c14fd..e3972427d9 100644 --- a/neutron/Chart.yaml +++ b/neutron/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Neutron name: neutron -version: 0.2.1 +version: 0.2.2 home: https://docs.openstack.org/neutron/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 9424374f60..7fea6065b1 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -251,7 +251,7 @@ type: Opaque data: rally_tests.yaml: {{ toYaml $envAll.Values.conf.rally_tests.tests | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | b64enc }} - policy.json: {{ toJson $envAll.Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml $envAll.Values.conf.policy | b64enc }} neutron.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 36fa6d5b43..e44aa53d10 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -234,8 +234,8 @@ spec: subPath: api-paste.ini readOnly: true - name: neutron-etc - mountPath: /etc/neutron/policy.json - subPath: policy.json + mountPath: /etc/neutron/policy.yaml + subPath: policy.yaml readOnly: true {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.internal "path" "/etc/neutron/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} diff --git a/neutron/values.yaml b/neutron/values.yaml index f4c8f51048..fb2a2ecad2 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1906,6 +1906,8 @@ conf: rabbit_ha_queues: true oslo_middleware: enable_proxy_headers_parsing: true + oslo_policy: + policy_file: /etc/neutron/policy.yaml nova: auth_type: password auth_version: v3 diff --git a/releasenotes/notes/aodh.yaml b/releasenotes/notes/aodh.yaml index 50acdcfbac..ae56b6e90b 100644 --- a/releasenotes/notes/aodh.yaml +++ b/releasenotes/notes/aodh.yaml @@ -3,3 +3,4 @@ aodh: - 0.1.0 Initial Chart - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/barbican.yaml b/releasenotes/notes/barbican.yaml index 8f6e033294..5ed6049537 100644 --- a/releasenotes/notes/barbican.yaml +++ b/releasenotes/notes/barbican.yaml @@ -4,3 +4,4 @@ barbican: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Added post-install and post-upgrade helm hook for Jobs - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/ceilometer.yaml b/releasenotes/notes/ceilometer.yaml index 92b34a829d..2871649bd4 100644 --- a/releasenotes/notes/ceilometer.yaml +++ b/releasenotes/notes/ceilometer.yaml @@ -3,3 +3,4 @@ ceilometer: - 0.1.0 Initial Chart - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/designate.yaml b/releasenotes/notes/designate.yaml index 52f7ad59c0..7b35372e45 100644 --- a/releasenotes/notes/designate.yaml +++ b/releasenotes/notes/designate.yaml @@ -4,3 +4,4 @@ designate: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Added post-install and post-upgrade helm hooks on Jobs - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/glance.yaml b/releasenotes/notes/glance.yaml index dc926ae00d..57963d5229 100644 --- a/releasenotes/notes/glance.yaml +++ b/releasenotes/notes/glance.yaml @@ -12,3 +12,4 @@ glance: - 0.2.0 Remove support for releases before T - 0.2.1 Fix the ceph pool creations for openstack services - 0.2.2 Adding rabbitmq TLS logic + - 0.2.3 Use policies in yaml format diff --git a/releasenotes/notes/heat.yaml b/releasenotes/notes/heat.yaml index d817cf2bac..f18a1ad634 100644 --- a/releasenotes/notes/heat.yaml +++ b/releasenotes/notes/heat.yaml @@ -8,3 +8,4 @@ heat: - 0.1.5 Change Issuer to ClusterIssuer - 0.2.0 Remove support for releases before T - 0.2.1 Adding rabbitmq TLS logic + - 0.2.2 Use policies in yaml format diff --git a/releasenotes/notes/horizon.yaml b/releasenotes/notes/horizon.yaml index ff0464c9a6..af9b12d3f0 100644 --- a/releasenotes/notes/horizon.yaml +++ b/releasenotes/notes/horizon.yaml @@ -11,4 +11,5 @@ horizon: - 0.1.8 Implement "CSRF_COOKIE_HTTPONLY" option support in horizon - 0.2.0 Remove support for releases before T - 0.2.1 Make python script PEP8 compliant + - 0.2.2 Use policies in yaml format ... diff --git a/releasenotes/notes/ironic.yaml b/releasenotes/notes/ironic.yaml index db2482ed53..d92182a8f7 100644 --- a/releasenotes/notes/ironic.yaml +++ b/releasenotes/notes/ironic.yaml @@ -4,3 +4,4 @@ ironic: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Added post-install and post-upgrade helm.sh/hook for jobs - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/keystone.yaml b/releasenotes/notes/keystone.yaml index 5929e76bd1..6352abeae5 100644 --- a/releasenotes/notes/keystone.yaml +++ b/releasenotes/notes/keystone.yaml @@ -19,4 +19,5 @@ keystone: - 0.2.1 Remove paste ini config settings - 0.2.2 Make python script PEP8 compliant - 0.2.3 Adding rabbitmq TLS logic + - 0.2.4 Use policies in yaml format ... diff --git a/releasenotes/notes/magnum.yaml b/releasenotes/notes/magnum.yaml index bcf58f526c..8e7305c02b 100644 --- a/releasenotes/notes/magnum.yaml +++ b/releasenotes/notes/magnum.yaml @@ -4,3 +4,4 @@ magnum: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Added post-install and post-upgrade helm hook for jobs - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/mistral.yaml b/releasenotes/notes/mistral.yaml index d5d36539f6..8cf2649eee 100644 --- a/releasenotes/notes/mistral.yaml +++ b/releasenotes/notes/mistral.yaml @@ -4,3 +4,4 @@ mistral: - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Added post-install and post-upgrade hook for Jobs - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml index 082e9ca2cd..6fa3a3d261 100644 --- a/releasenotes/notes/neutron.yaml +++ b/releasenotes/notes/neutron.yaml @@ -15,3 +15,4 @@ neutron: - 0.1.12 Removed "name" parameter from Rally tests - 0.2.0 Remove support for releases before T - 0.2.1 Adding rabbitmq TLS logic + - 0.2.2 Use policies in yaml format diff --git a/releasenotes/notes/senlin.yaml b/releasenotes/notes/senlin.yaml index 536058df58..e4eaaf66aa 100644 --- a/releasenotes/notes/senlin.yaml +++ b/releasenotes/notes/senlin.yaml @@ -3,3 +3,4 @@ senlin: - 0.1.0 Initial Chart - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.2.0 Remove support for releases before T + - 0.2.1 Use policies in yaml format diff --git a/senlin/Chart.yaml b/senlin/Chart.yaml index 8c147abf7d..4786a65f61 100644 --- a/senlin/Chart.yaml +++ b/senlin/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Senlin name: senlin -version: 0.2.0 +version: 0.2.1 home: https://docs.openstack.org/senlin/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png sources: diff --git a/senlin/templates/configmap-etc.yaml b/senlin/templates/configmap-etc.yaml index 87793adb99..a47a3a4f57 100644 --- a/senlin/templates/configmap-etc.yaml +++ b/senlin/templates/configmap-etc.yaml @@ -104,5 +104,5 @@ data: senlin.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.senlin | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} - policy.json: {{ toJson .Values.conf.policy | b64enc }} + policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} {{- end }} diff --git a/senlin/templates/deployment-api.yaml b/senlin/templates/deployment-api.yaml index 193b1d56be..d6577fff8f 100644 --- a/senlin/templates/deployment-api.yaml +++ b/senlin/templates/deployment-api.yaml @@ -103,8 +103,8 @@ spec: subPath: api-paste.ini readOnly: true - name: senlin-etc - mountPath: /etc/senlin/policy.json - subPath: policy.json + mountPath: /etc/senlin/policy.yaml + subPath: policy.yaml readOnly: true {{ if $mounts_senlin_api.volumeMounts }}{{ toYaml $mounts_senlin_api.volumeMounts | indent 12 }}{{ end }} volumes: diff --git a/senlin/templates/deployment-engine.yaml b/senlin/templates/deployment-engine.yaml index f5cb2997a1..06ed7688b2 100644 --- a/senlin/templates/deployment-engine.yaml +++ b/senlin/templates/deployment-engine.yaml @@ -78,8 +78,8 @@ spec: readOnly: true {{- end }} - name: senlin-etc - mountPath: /etc/senlin/policy.json - subPath: policy.json + mountPath: /etc/senlin/policy.yaml + subPath: policy.yaml readOnly: true {{ if $mounts_senlin_engine.volumeMounts }}{{ toYaml $mounts_senlin_engine.volumeMounts | indent 12 }}{{ end }} volumes: diff --git a/senlin/values.yaml b/senlin/values.yaml index a1126cafcb..3ad5e5bf5b 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -179,6 +179,8 @@ conf: # NOTE(portdirect): the bind port should not be defined, and is manipulated # via the endpoints section. bind_port: null + oslo_policy: + policy_file: /etc/senlin/policy.yaml logging: loggers: keys: