Add blank access_rules file

When starting the keystone-api pod, the service checks for a access_rules file for application credentials during startup. If the file does not exist, keystone emits a warning saying the file is not found: WARNING keystone.access_rules_config.backends.json [-] No config file found for access rules, application credential access rules will be unavailable.: FileNotFoundError: [Errno 2] No such file or directory: '/etc/keystone/access_rules.json' This change adds in a blank access_rules.json file to the keystone etc directory in order to surpress this message. Change-Id: I63ac153cc91ac45b3fd223f8a54b933b5cbffac4
2020-10-15 11:37:29 -05:00 · 2020-10-15 11:37:29 -05:00 · fe53b5e559
commit fe53b5e559
parent 0699a2c162
4 changed files with 7 additions and 1 deletions
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.1
+version: 0.1.2
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
--- a/keystone/templates/configmap-etc.yaml
+++ b/keystone/templates/configmap-etc.yaml
@ -56,6 +56,7 @@ data:
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.logging | b64enc }}
  keystone-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
  policy.json: {{  toJson .Values.conf.policy | b64enc }}
+  access_rules.json: {{ toJson .Values.conf.access_rules | b64enc }}
  ports.conf: ''
 {{- range $k, $v := .Values.conf.ks_domains }}
  keystone.{{ $k }}.json: {{ toJson $v | b64enc }}
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@ -113,6 +113,10 @@ spec:
              mountPath: /etc/keystone/policy.json
              subPath: policy.json
              readOnly: true
+            - name: keystone-etc
+              mountPath: /etc/keystone/access_rules.json
+              subpath: access_rules.json
+              readOnly: true
            - name: keystone-etc
              mountPath: /etc/keystone/sso_callback_template.html
              subPath: sso_callback_template.html
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -777,6 +777,7 @@ conf:
    identity:update_domain_config: rule:admin_required
    identity:delete_domain_config: rule:admin_required
    identity:get_domain_config_default: rule:admin_required
+  access_rules: {}
  rabbitmq:
    # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
    policies: