Dynamic policy file discovery
Patrole should eventually support other services like Heat and Murano, not just the Big Tent services included in Tempest.
Part of that requires that Patrole be able to dynamically discover custom policy files. The current solution proposed below is not perfect, but will work in more situations than today.
Dynamic discovery of policy files means looking in prescribed locations for each service's policy file and using the first one that is encountered.
This means that
cfg.
cfg.
...
in [0] should be replaced with a single config option called "custom_
cfg.
Each policy path assumes that the service name is included in the path.
The paths should be ordered by precedence, with high-priority paths
before low-priority paths. The first path that is found to contain
the relevant policy file by service will be chosen.""")
Then in tempest.conf under [rbac] the following could be included:
custom_
Afterward, discovery of each service's policy file can be included in RbacPolicyParser once, inside ``validate_
The logic here will have to be updated as well: [2].
[0] https:/
[1] https:/
[2] https:/
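The first-match lookup described above, as an added example that is not Patrole's own code. The function name, the "%s" placeholder for the service name and the service-name validation are assumptions made for illustration.

```python
import os


def discover_policy_files(services, path_templates):
    """Map each service to the first existing policy file, by precedence.

    path_templates is ordered high priority first. Each template must
    contain exactly one "%s", replaced by the service name (assumed syntax).
    Returns (found, missing): a dict of service -> path, and a list of
    services for which no prescribed location held a policy file.
    """
    for template in path_templates:
        if template.count("%s") != 1:
            raise ValueError("template lacks service placeholder: %r" % template)

    found, missing = {}, []
    for service in services:
        # A service name is a single path component; refuse anything that
        # could steer the lookup outside the prescribed locations.
        if (not service or service in (".", "..")
                or "/" in service or os.sep in service):
            raise ValueError("invalid service name: %r" % service)
        for template in path_templates:
            candidate = template.replace("%s", service)
            if os.path.isfile(candidate):
                found[service] = candidate
                break  # first hit wins; lower-priority paths are ignored
        else:
            missing.append(service)
    return found, missing


if __name__ == "__main__":
    import tempfile
    # Constructed sample tree: heat has an override and a default policy
    # file, murano only a default, nova has none.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("override/heat", "etc/heat", "etc/murano"):
            os.makedirs(os.path.join(root, rel))
            open(os.path.join(root, rel, "policy.json"), "w").close()
        templates = [os.path.join(root, "override", "%s", "policy.json"),
                     os.path.join(root, "etc", "%s", "policy.json")]
        print(discover_policy_files(["heat", "murano", "nova"], templates))
```

Returning the services with no policy file separately lets the caller decide whether a missing file should fail validation or only skip that service's RBAC tests.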
Blueprint information
- Status: Complete
- Approver: Samantha Blanco
- Priority: Medium
- Drafter: Felipe Monteiro
- Direction: Approved
- Assignee: Felipe Monteiro
- Definition: New
- Series goal: None
- Implementation: Implemented
- Milestone target: None
- Started by: Felipe Monteiro
- Completed by: Felipe Monteiro
Whiteboard
Gerrit topic: https:/
Addressed by: https:/