Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: rhos-18.0.0
Affects Version/s: None
Component/s: octavia-operator
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
PM Approval:
?
QE Approval:
?
Intelligence Requested:
Market:

Severity:
Moderate

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

we should be able to override the octavia policy with the following spec:

octaviaAPI:
  defaultConfigOverwrite:
    policy.yaml: |
      "system_admin": "role:admin"
      "system_reader": "role:admin"
      [..]

but the file is not handled properly, it's copied to the container but with limited permission (the octavia-api process cannot read it)

sh-5.1# ls -l /var/lib/config-data/merged/policy.yaml
-rw-r-----. 1 root root 963 May 22 12:41 /var/lib/config-data/merged/policy.yaml

we should do something like https://github.com/openstack-k8s-operators/nova-operator/blob/main/templates/novaapi/config/nova-api-config.json#L52-L56

links to

openstack-k8s-operators/octavia-operator#315: Fix missing config for policy file override

mentioned on

Merge request - Updated US source to: 5414e8c Merge pull request #317 from shiftstack/OSPRH-7546

Merge request - Updated US source to: fd1cdcc Merge pull request #305 from openstack-k8s-operators/renovate/openstack-k8s-operators

Assignee:: Gregory Thiemonge

Reporter:: Gregory Thiemonge

Team:: rhos-dfg-networking-squad-vans

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/05/22 3:36 PM

Updated:: 2024/06/17 8:10 PM

Resolved:: 2024/06/06 1:20 PM