Octavia policy management
- it is possible to specify policy via pillar
Prod-Related: PROD-34053
Change-Id: I0b3878c414195cca8495dcd7450ad5c1b1a4e8a5
diff --git a/tests/pillar/api_cluster.sls b/tests/pillar/api_cluster.sls
index 4322f07..74cdb4b 100644
--- a/tests/pillar/api_cluster.sls
+++ b/tests/pillar/api_cluster.sls
@@ -31,3 +31,12 @@
- host: 127.0.0.1
- host: 127.0.1.1
- host: 127.0.2.1
+ policy:
+ context_is_admin: 'role:admin or role:load-balancer_admin'
+ admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
+ load-balancer:read: 'rule:admin_or_owner'
+ load-balancer:read-global: 'is_admin:True'
+ load-balancer:write: 'rule:admin_or_owner'
+ load-balancer:read-quota: 'rule:admin_or_owner'
+ load-balancer:read-quota-global: 'is_admin:True'
+ load-balancer:write-quota: 'is_admin:True'
diff --git a/tests/pillar/api_single.sls b/tests/pillar/api_single.sls
index 4f9411c..a4d6d4d 100644
--- a/tests/pillar/api_single.sls
+++ b/tests/pillar/api_single.sls
@@ -27,3 +27,12 @@
user: openstack
password: password
virtual_host: '/openstack'
+ policy:
+ context_is_admin: 'role:admin or role:load-balancer_admin'
+ admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
+ load-balancer:read: 'rule:admin_or_owner'
+ load-balancer:read-global: 'is_admin:True'
+ load-balancer:write: 'rule:admin_or_owner'
+ load-balancer:read-quota: 'rule:admin_or_owner'
+ load-balancer:read-quota-global: 'is_admin:True'
+ load-balancer:write-quota: 'is_admin:True'