Support both json and yaml RBAC Policy Format

Oslo policy supports both JSON as well as YAML formatted file yet. Because some projects yet use json file such as monasca-ui. So horizon chart has to support both of them. Once all projects convert their format to YAML we can remove json manifests. Change-Id: I50ade6764750ac556cf552a003eb825d6b4b83d5
2021-11-01 10:28:17 +01:00 · 2021-11-01 10:28:17 +01:00 · 3d344e43a2
parent bdd1e7ebe9
commit 3d344e43a2
4 changed files with 16 additions and 5 deletions
--- a/horizon/Chart.yaml
+++ b/horizon/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.2.11
+version: 0.2.12
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:
--- a/horizon/templates/configmap-etc.yaml
+++ b/horizon/templates/configmap-etc.yaml
@ -27,6 +27,9 @@ data:
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.horizon.security "key" "security.conf" "format" "Secret" ) | indent 2 }}
 {{- end }}
 {{- range $key, $value := .Values.conf.horizon.policy }}
-  {{ printf "%s_policy.yaml" $key }}: {{ $value | toPrettyJson | b64enc }}
+  {{ printf "%s_policy.json" $key }}: {{ $value | toPrettyJson | b64enc }}
+{{- end }}
+{{- range $key, $value := .Values.conf.horizon.policy }}
+  {{ printf "%s_policy.yaml" $key }}: {{ toYaml $value | b64enc }}
 {{- end }}
 {{- end }}
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@ -123,10 +123,17 @@ spec:
              subPath: local_settings
              readOnly: true
            {{- range $key, $value := $envAll.Values.conf.horizon.policy }}
-            {{- $policyFile := printf "/etc/openstack-dashboard/%s_policy.yaml" $key }}
+            {{- $policyYamlFile := printf "/etc/openstack-dashboard/%s_policy.yaml" $key }}
            - name: horizon-etc
-              mountPath: {{ $policyFile }}
-              subPath: {{ base $policyFile }}
+              mountPath: {{ $policyYamlFile }}
+              subPath: {{ base $policyYamlFile }}
+              readOnly: true
+            {{- end }}
+            {{- range $key, $value := $envAll.Values.conf.horizon.policy }}
+            {{- $policyJsonFile := printf "/etc/openstack-dashboard/%s_policy.json" $key }}
+            - name: horizon-etc
+              mountPath: {{ $policyJsonFile }}
+              subPath: {{ base $policyJsonFile }}
              readOnly: true
            {{- end }}
 {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal "path" "/etc/openstack-dashboard/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
--- a/releasenotes/notes/horizon.yaml
+++ b/releasenotes/notes/horizon.yaml
@ -21,4 +21,5 @@ horizon:
  - 0.2.9 Removed default policy in chart in favor of default policy in code
  - 0.2.10 Helm 3 - Fix Job Labels
  - 0.2.11 Update htk requirements repo
+  - 0.2.12 Support both json and yaml RBAC Policy Format
 ...