Add option to override horizon policies

In case policies are overridden for services,
horizon maintains and ships its own set of policies that should be
separately overridden.

Depends-On: https://review.opendev.org/754382
Change-Id: I7099a5b11390d3296c7b4bb74d69670c7fe64f58
Dmitriy Rabotyagov 2020-08-26 18:46:46 +03:00
parent f5503147c3
commit 2447deec62
3 changed files with 31 additions and 0 deletions


@ -486,6 +486,12 @@ horizon_translations_pull: "{{ _horizon_translations_pull }}"
# Set arbitrary horizon configuration options
horizon_config_overrides: {}
# Set overrides for horizon embedded policies
#horizon_policy_overrides:
# cinder:
# "volume:create": "rule:admin_or_owner"
horizon_policy_overrides: {}
horizon_keystone_admin_roles:
- admin
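Review bot: The commented example above `horizon_policy_overrides: {}` does not say what the first-level key (`cinder` here) has to be. Going by the task in this change that reads `{{ item }}_policy.yaml` from `openstack_dashboard/conf`, the key must match the prefix of a policy file that already exists there, so please state that in the comment. It is also worth repeating here, next to the variable, that overrides are applied in place and are not reverted when the entry is removed, since the defaults file is where operators will look first.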


@ -0,0 +1,10 @@
---
features:
- |
Added variable `horizon_policy_overrides` which allows to customize horizon
specific policies. As we don't want to carry and maintain horizon policies
with OSA, they're retrieved from horizon hosts and adjusted in-place,
which means that they won't rollback in case you just remove override.
`horizon_policy_overrides` has also non-standart format, as it's nested
dictionary, where 1st level key represents service which policy needs to
be overriden, and it's value is normal policy override format.
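Review bot: The sentence saying the policies "won't rollback in case you just remove override" names the problem but gives the operator no way out of it. Since these are access policy rules, an override that stays in effect after it was removed from the configuration is easy to miss, so please add how to return to the shipped policy. A short example of the nested format would also help, as the note calls it non-standard without showing it. Spelling in the same paragraph: "non-standart" should be "non-standard", "overriden" should be "overridden", and "it's value" should be "its value".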


@ -42,6 +42,21 @@
when: item.always_install
notify: Restart apache2
- name: Retrieve horizon policy files
slurp:
src: "{{ horizon_lib_dir }}/openstack_dashboard/conf/{{ item }}_policy.yaml"
with_items: "{{ horizon_policy_overrides.keys() | list }}"
register: _horizon_policy
- name: Place policy overrides
config_template:
content: "{{ item.content | b64decode }}"
dest: "{{ item.source }}"
mode: "0644"
config_type: json
config_overrides: "{{ horizon_policy_overrides[item.item] }}"
with_items: "{{ _horizon_policy.results }}"
- name: Uploading horizon custom files
copy:
src: "{{ item.value.src }}"
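Review bot: `Place policy overrides` has no `notify`, while the task directly above the new ones ends with `notify: Restart apache2`. If horizon only reads these files at startup, a changed policy will not take effect until something else restarts apache, so consider adding the same handler here. In the same task, `config_type: json` is applied to a file whose name ends in `_policy.yaml`; please confirm that rewriting it as JSON is intended rather than `config_type: yaml`. Finally, `Retrieve horizon policy files` builds the path from each key of `horizon_policy_overrides`, so a misspelled service name will surface as a `slurp` failure on a missing file; a check with a clearer message before this task would make that easier to diagnose.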