openstack
/
devstack
Code Issues Proposed changes

Merge "Migration logic for neutron policy-in-code"

This commit is contained in:
Zuul 2018-12-12 14:16:55 +00:00 committed by Gerrit Code Review
parent 5b5cf9dd31 80769c5714
commit 2697e431d2
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/neutron
View File

@ -183,9 +183,14 @@ function configure_neutron_new {
# Neutron API server & Neutron plugin
if is_service_enabled neutron-api; then
local policy_file=$NEUTRON_CONF_DIR/policy.json
cp $NEUTRON_DIR/etc/policy.json $policy_file
# Allow neutron user to administer neutron to match neutron account
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $policy_file
# NOTE(amotoki): This is required for nova works correctly with neutron.
if [ -f $NEUTRON_DIR/etc/policy.json ]; then
cp $NEUTRON_DIR/etc/policy.json $policy_file
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $policy_file
else
echo '{"context_is_admin": "role:admin or user_name:neutron"}' > $policy_file
fi
cp $NEUTRON_DIR/etc/api-paste.ini $NEUTRON_CONF_DIR/api-paste.ini

9
lib/neutron-legacy
View File

@ -699,10 +699,15 @@ function _configure_neutron_common {
cp $NEUTRON_DIR/etc/neutron.conf.sample $NEUTRON_CONF
Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
# allow neutron user to administer neutron to match neutron account
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
# NOTE(amotoki): This is required for nova works correctly with neutron.
if [ -f $NEUTRON_DIR/etc/policy.json ]; then
cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
else
echo '{"context_is_admin": "role:admin or user_name:neutron"}' > $Q_POLICY_FILE
fi
# Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
# For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.