From fe53b5e5590b23a1e410e3373262621f2fdd745c Mon Sep 17 00:00:00 2001
From: Gage Hugo <gagehugo@gmail.com>
Date: Thu, 15 Oct 2020 11:37:29 -0500
Subject: [PATCH] Add blank access_rules file

When starting the keystone-api pod, the service checks for a
access_rules file for application credentials during startup.
If the file does not exist, keystone emits a warning saying the
file is not found:

WARNING keystone.access_rules_config.backends.json [-] No config
file found for access rules, application credential access rules
will be unavailable.: FileNotFoundError: [Errno 2] No such file
or directory: '/etc/keystone/access_rules.json'

This change adds in a blank access_rules.json file to the
keystone etc directory in order to surpress this message.

Change-Id: I63ac153cc91ac45b3fd223f8a54b933b5cbffac4
---
 keystone/Chart.yaml                    | 2 +-
 keystone/templates/configmap-etc.yaml  | 1 +
 keystone/templates/deployment-api.yaml | 4 ++++
 keystone/values.yaml                   | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index ef01a8e14c..e0f8f42e6b 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.1
+version: 0.1.2
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml
index f97c31ced9..98f9a7ef96 100644
--- a/keystone/templates/configmap-etc.yaml
+++ b/keystone/templates/configmap-etc.yaml
@@ -56,6 +56,7 @@ data:
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }}
   keystone-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
   policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  access_rules.json: {{ toJson .Values.conf.access_rules | b64enc }}
   ports.conf: ''
 {{- range $k, $v := .Values.conf.ks_domains }}
   keystone.{{ $k }}.json: {{ toJson $v | b64enc }}
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index a6295aedae..a3a143dfd1 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -113,6 +113,10 @@ spec:
               mountPath: /etc/keystone/policy.json
               subPath: policy.json
               readOnly: true
+            - name: keystone-etc
+              mountPath: /etc/keystone/access_rules.json
+              subpath: access_rules.json
+              readOnly: true
             - name: keystone-etc
               mountPath: /etc/keystone/sso_callback_template.html
               subPath: sso_callback_template.html
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 6cda58808d..66ca5fcd86 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -777,6 +777,7 @@ conf:
     identity:update_domain_config: rule:admin_required
     identity:delete_domain_config: rule:admin_required
     identity:get_domain_config_default: rule:admin_required
+  access_rules: {}
   rabbitmq:
     # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
     policies: