Bug 1518978 - [RFE] Provide mechanism to alter policy files during or after RHOSP deployment.
Status: NEW
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ga
Assignee: Emilien Macchi
QA Contact: Gurenko Alex
URL: https://github.com/openstack/tripleo-...
Depends On: 1403461
Blocks: 1419948
Reported: 2017-11-29 22:07 UTC by Bertrand
Modified: 2017-11-29 22:20 UTC (History)

Doc Type: Enhancement

Attachments
Updated policy.json file for nova (deleted)
2017-11-29 22:11 UTC, Bertrand

Description Bertrand 2017-11-29 22:07:28 UTC
Description:
To make use of an External Policy Decision Point (PDP) [1],[2], each policy file used by the respective OpenStack services must be configured with the proper parameter, in this case a URL pointing to the external PDP.
Each policy file must be altered during initial deployment and/or during post-deployment to factor in possible updates.
An example of an altered policy file is attached to this BZ RFE.
A possible example of what a THT might look like can be found upstream [3].

[1] https://specs.openstack.org/openstack/oslo-specs/specs/queens/external-pdp.html
[2] https://github.com/openstack/oslo.policy/commit/70ba1beb3e3c93fafc147633360df838155a82a9
[3] https://github.com/openstack/tripleo-heat-templates/blob/master/environments/nova-api-policy.yaml

Comment 1 Bertrand 2017-11-29 22:11:03 UTC
Created attachment 1360567
Updated policy.json file for nova

Comment 2 Bertrand 2017-11-29 22:13:21 UTC
Comment on attachment 1360567
Updated policy.json file for nova

Where: http://127.0.0.1:31002/authz is the link towards the external PDP.
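
An added example (not part of the bug report, and not the deleted attachment): a small audit that lists every rule in a policy file delegated to an external PDP through oslo.policy's `http`/`https` URL checks and flags those that reach a non-loopback PDP over plaintext HTTP. The rule names and the `pdp.example.test` host are constructed, and the "review" classification is this example's own assumption; only `http://127.0.0.1:31002/authz` comes from comment 2.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: a nova-style policy file with rules delegated to an
# external PDP. Only the loopback URL is taken from the bug report.
SAMPLE_POLICY = """
{
  "context_is_admin": "role:admin",
  "os_compute_api:servers:create": "http://127.0.0.1:31002/authz",
  "os_compute_api:servers:delete": "rule:context_is_admin or https://pdp.example.test/authz",
  "os_compute_api:servers:show": "(role:member and http://pdp.example.test:31002/authz)"
}
"""

# A URL check can appear alone or inside an and/or/not expression with parentheses.
URL_TOKEN = re.compile(r"https?://[^\s()]+")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def external_pdp_rules(policy_text):
    """Return (rule_name, url, finding) for every http/https check in the file."""
    results = []
    for name, check in json.loads(policy_text).items():
        if not isinstance(check, str):
            continue  # skip legacy list-style rules; this audit only reads check strings
        for url in URL_TOKEN.findall(check):
            parts = urlsplit(url)
            if parts.scheme == "https":
                finding = "ok: TLS"
            elif parts.hostname in LOOPBACK:
                finding = "ok: plaintext, loopback only"
            else:
                # The authorization request and its answer cross the network unprotected.
                finding = "review: plaintext to remote PDP"
            results.append((name, url, finding))
    return results


def needs_review(policy_text):
    """Return only the delegated rules that were flagged for review."""
    return [r for r in external_pdp_rules(policy_text) if r[2].startswith("review")]


if __name__ == "__main__":
    for name, url, finding in external_pdp_rules(SAMPLE_POLICY):
        print(f"{name:32} {url:40} {finding}")
```

Running the same audit against each service's policy file after a deployment or update shows which rules were actually switched to the PDP and over which transport.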

