Add octavia-dashboard Change-Id: I07379214de633f22c1437b593d30e526b59e383a Related-PROD: PROD-22018

commit: 55e790b8e6c5816c8bda8d17b1dcaaca5e893892 [log] [tgz]
author: Ann Kamyshnikova <akamyshnikova@mirantis.com> Tue Oct 02 15:53:32 2018 +0400
committer: Anna Taraday <akamyshnikova@mirantis.com> Mon Oct 08 07:44:57 2018 +0000
tree: 806b3592b604469d3e1f8ac68383fe5836f44927
parent: c9cfd1f2f127bc34b1bf7be84b093cd142eb0237 [diff]
diff --git a/horizon/files/policy/queens/octavia_policy.json b/horizon/files/policy/queens/octavia_policy.json
new file mode 100644
index 0000000..9d3a93c
--- /dev/null
+++ b/horizon/files/policy/queens/octavia_policy.json

@@ -0,0 +1,68 @@
+{
+  "load-balancer:read": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin",
+  "load-balancer:read-quota": "rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin",
+  "os_load-balancer_api:pool:delete": "rule:load-balancer:write",
+  "os_load-balancer_api:listener:get_all": "rule:load-balancer:read",
+  "os_load-balancer_api:loadbalancer:post": "rule:load-balancer:write",
+  "os_load-balancer_api:loadbalancer:get_status": "rule:load-balancer:read",
+  "os_load-balancer_api:l7rule:post": "rule:load-balancer:write",
+  "os_load-balancer_api:l7policy:get_one": "rule:load-balancer:read",
+  "os_load-balancer_api:pool:get_all-global": "rule:load-balancer:read-global",
+  "os_load-balancer_api:amphora:put_failover": "rule:load-balancer:admin",
+  "load-balancer:owner": "project_id:%(project_id)s",
+  "os_load-balancer_api:listener:get_one": "rule:load-balancer:read",
+  "os_load-balancer_api:pool:get_all": "rule:load-balancer:read",
+  "os_load-balancer_api:l7rule:get_all": "rule:load-balancer:read",
+  "load-balancer:write": "rule:load-balancer:member_and_owner or rule:load-balancer:admin",
+  "os_load-balancer_api:amphora:get_one": "rule:load-balancer:admin",
+  "os_load-balancer_api:healthmonitor:delete": "rule:load-balancer:write",
+  "load-balancer:read-global": "rule:load-balancer:global_observer or rule:load-balancer:admin",
+  "os_load-balancer_api:loadbalancer:get_stats": "rule:load-balancer:read",
+  "os_load-balancer_api:member:get_one": "rule:load-balancer:read",
+  "os_load-balancer_api:pool:get_one": "rule:load-balancer:read",
+  "load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin",
+  "os_load-balancer_api:loadbalancer:get_all": "rule:load-balancer:read",
+  "os_load-balancer_api:l7rule:put": "rule:load-balancer:write",
+  "load-balancer:observer_and_owner": "role:load-balancer_observer and rule:load-balancer:owner",
+  "os_load-balancer_api:quota:get_one": "rule:load-balancer:read-quota",
+  "os_load-balancer_api:loadbalancer:get_all-global": "rule:load-balancer:read-global",
+  "os_load-balancer_api:member:get_all": "rule:load-balancer:read",
+  "os_load-balancer_api:l7policy:delete": "rule:load-balancer:write",
+  "os_load-balancer_api:healthmonitor:put": "rule:load-balancer:write",
+  "os_load-balancer_api:member:post": "rule:load-balancer:write",
+  "load-balancer:global_observer": "role:load-balancer_global_observer",
+  "os_load-balancer_api:l7policy:get_all-global": "rule:load-balancer:read-global",
+  "os_load-balancer_api:loadbalancer:get_one": "rule:load-balancer:read",
+  "os_load-balancer_api:loadbalancer:put": "rule:load-balancer:write",
+  "os_load-balancer_api:l7rule:get_one": "rule:load-balancer:read",
+  "os_load-balancer_api:listener:get_stats": "rule:load-balancer:read",
+  "os_load-balancer_api:amphora:get_all": "rule:load-balancer:admin",
+  "os_load-balancer_api:l7policy:put": "rule:load-balancer:write",
+  "os_load-balancer_api:listener:get_all-global": "rule:load-balancer:read-global",
+  "os_load-balancer_api:l7policy:post": "rule:load-balancer:write",
+  "os_load-balancer_api:healthmonitor:get_all-global": "rule:load-balancer:read-global",
+  "load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin",
+  "os_load-balancer_api:listener:post": "rule:load-balancer:write",
+  "context_is_admin": "role:admin or role:load-balancer_admin",
+  "os_load-balancer_api:quota:get_all-global": "rule:load-balancer:read-quota-global",
+  "load-balancer:admin": "is_admin:True or role:admin or role:load-balancer_admin",
+  "os_load-balancer_api:pool:put": "rule:load-balancer:write",
+  "os_load-balancer_api:healthmonitor:get_all": "rule:load-balancer:read",
+  "os_load-balancer_api:l7policy:get_all": "rule:load-balancer:read",
+  "os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin",
+  "os_load-balancer_api:healthmonitor:post": "rule:load-balancer:write",
+  "os_load-balancer_api:pool:post": "rule:load-balancer:write",
+  "os_load-balancer_api:quota:put": "rule:load-balancer:write-quota",
+  "os_load-balancer_api:listener:put": "rule:load-balancer:write",
+  "os_load-balancer_api:listener:delete": "rule:load-balancer:write",
+  "os_load-balancer_api:quota:get_all": "rule:load-balancer:read-quota",
+  "os_load-balancer_api:loadbalancer:delete": "rule:load-balancer:write",
+  "os_load-balancer_api:quota:get_defaults": "rule:load-balancer:read-quota",
+  "os_load-balancer_api:quota:delete": "rule:load-balancer:write-quota",
+  "load-balancer:member_and_owner": "role:load-balancer_member and rule:load-balancer:owner",
+  "os_load-balancer_api:member:delete": "rule:load-balancer:write",
+  "os_load-balancer_api:l7rule:delete": "rule:load-balancer:write",
+  "os_load-balancer_api:healthmonitor:get_one": "rule:load-balancer:read",
+  "os_load-balancer_api:member:put": "rule:load-balancer:write"
+
+}
\ No newline at end of file

diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index 1600163..90d2aae 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml

@@ -10,6 +10,7 @@
     horizon_identity_encryption: none
     horizon_identity_endpoint_type: internalURL
     neutron_enable_bgp_vpn: false
+    octavia_enabled: false
   horizon:
     server:
       enabled: true
@@ -88,4 +89,8 @@
           source: file
           name: bgpvpn_policy.json
           enabled: ${_param:neutron_enable_bgp_vpn}
+        octavia:
+          source: file
+          name: octavia_policy.json
+          enabled: ${_param:octavia_enabled}
 

diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index b43c12a..1a21465 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml

@@ -10,6 +10,7 @@
     horizon_identity_encryption: none
     horizon_identity_endpoint_type: internalURL
     neutron_enable_bgp_vpn: false
+    octavia_enabled: false
   horizon:
     server:
       enabled: true
@@ -86,3 +87,7 @@
           source: file
           name: bgpvpn_policy.json
           enabled: ${_param:neutron_enable_bgp_vpn}
+        octavia:
+          source: file
+          name: octavia_policy.json
+          enabled: ${_param:octavia_enabled}
commit	55e790b8e6c5816c8bda8d17b1dcaaca5e893892	[log] [tgz]
author	Ann Kamyshnikova <akamyshnikova@mirantis.com>	Tue Oct 02 15:53:32 2018 +0400
committer	Anna Taraday <akamyshnikova@mirantis.com>	Mon Oct 08 07:44:57 2018 +0000
tree	806b3592b604469d3e1f8ac68383fe5836f44927
parent	c9cfd1f2f127bc34b1bf7be84b093cd142eb0237 [diff]