Add blank access_rules file

When starting the keystone-api pod, the service checks for a
access_rules file for application credentials during startup.
If the file does not exist, keystone emits a warning saying the
file is not found:

WARNING keystone.access_rules_config.backends.json [-] No config
file found for access rules, application credential access rules
will be unavailable.: FileNotFoundError: [Errno 2] No such file
or directory: '/etc/keystone/access_rules.json'

This change adds in a blank access_rules.json file to the
keystone etc directory in order to surpress this message.

Change-Id: I63ac153cc91ac45b3fd223f8a54b933b5cbffac4
This commit is contained in:
Gage Hugo 2020-10-15 11:37:29 -05:00
parent 0699a2c162
commit fe53b5e559
4 changed files with 7 additions and 1 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Keystone description: OpenStack-Helm Keystone
name: keystone name: keystone
version: 0.1.1 version: 0.1.2
home: https://docs.openstack.org/keystone/latest/ home: https://docs.openstack.org/keystone/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
sources: sources:

View File

@ -56,6 +56,7 @@ data:
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }}
keystone-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} keystone-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
policy.json: {{ toJson .Values.conf.policy | b64enc }} policy.json: {{ toJson .Values.conf.policy | b64enc }}
access_rules.json: {{ toJson .Values.conf.access_rules | b64enc }}
ports.conf: '' ports.conf: ''
{{- range $k, $v := .Values.conf.ks_domains }} {{- range $k, $v := .Values.conf.ks_domains }}
keystone.{{ $k }}.json: {{ toJson $v | b64enc }} keystone.{{ $k }}.json: {{ toJson $v | b64enc }}

View File

@ -113,6 +113,10 @@ spec:
mountPath: /etc/keystone/policy.json mountPath: /etc/keystone/policy.json
subPath: policy.json subPath: policy.json
readOnly: true readOnly: true
- name: keystone-etc
mountPath: /etc/keystone/access_rules.json
subpath: access_rules.json
readOnly: true
- name: keystone-etc - name: keystone-etc
mountPath: /etc/keystone/sso_callback_template.html mountPath: /etc/keystone/sso_callback_template.html
subPath: sso_callback_template.html subPath: sso_callback_template.html

View File

@ -777,6 +777,7 @@ conf:
identity:update_domain_config: rule:admin_required identity:update_domain_config: rule:admin_required
identity:delete_domain_config: rule:admin_required identity:delete_domain_config: rule:admin_required
identity:get_domain_config_default: rule:admin_required identity:get_domain_config_default: rule:admin_required
access_rules: {}
rabbitmq: rabbitmq:
# NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
policies: policies: