commit 24e9fed527ac2913aea0861c83dce23cd3b9724a
author Roman Lubianyi <rlubianyi@mirantis.com> Wed Jul 22 15:02:46 2020 +0300
committer rlubianyi <rlubianyi@mirantis.com> Wed Jul 22 12:07:07 2020 +0000
tree c1db51d1a74344e21f098f804b5326579973b578
parent d14f053d27d9f1d4c073866145f32770d414d534

Add default policy for Panko

PROD-35531

Change-Id: I591e0365af4849bbe2a5c2ef9f4b19440a122395

defaults/openstack/policy/all.yml

diff --git a/defaults/openstack/policy/all.yml b/defaults/openstack/policy/all.yml
index 3e0975a..ccb81a4 100644
--- a/defaults/openstack/policy/all.yml
+++ b/defaults/openstack/policy/all.yml
@@ -1448,6 +1448,13 @@
       "load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
       "load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin"
       "os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin"
+    panko_default_policy_ocata: {}
+    panko_default_policy_pike:
+      "context_is_admin": "role:admin"
+      "segregation": "rule:context_is_admin"
+      "telemetry:events:index": ""
+      "telemetry:events:show": ""
+    panko_default_policy_queens: ${_param:panko_default_policy_pike}
     telemetry_default_policy_ocata: {}
     telemetry_default_policy_pike:
       "context_is_admin": "role:admin"

defaults/openstack/policy/panko.yml

diff --git a/defaults/openstack/policy/panko.yml b/defaults/openstack/policy/panko.yml
new file mode 100644
index 0000000..d2c88ae
--- /dev/null
+++ b/defaults/openstack/policy/panko.yml
@@ -0,0 +1,6 @@
+classes:
+- system.defaults.openstack.policy.all
+parameters:
+  panko:
+    server:
+      policy: ${_param:panko_default_policy_${_param:openstack_version}}