From 96a2e8664ae49782f245a0522eeb009dc9cc420a Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Tue, 29 Jul 2025 16:45:19 +0100 Subject: [PATCH] Improve Ironic Horizon out of the box experience Policy override was causing lots of error messages in the Ironic view of Horizon. I've asked upstream if we can get this enabled by default: https://bugs.launchpad.net/horizon/+bug/2102214 But are yet to see any traction. --- .../kolla/config/horizon/_9999-custom-settings.py | 1 + etc/kayobe/kolla/config/ironic/policy.yaml | 2 +- ...x-ironic-horizon-integration-c844d19bd36ed014.yaml | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 etc/kayobe/kolla/config/horizon/_9999-custom-settings.py create mode 100644 releasenotes/notes/fix-ironic-horizon-integration-c844d19bd36ed014.yaml diff --git a/etc/kayobe/kolla/config/horizon/_9999-custom-settings.py b/etc/kayobe/kolla/config/horizon/_9999-custom-settings.py new file mode 100644 index 000000000..f27c222a9 --- /dev/null +++ b/etc/kayobe/kolla/config/horizon/_9999-custom-settings.py @@ -0,0 +1 @@ +SYSTEM_SCOPE_SERVICES = ['ironic'] diff --git a/etc/kayobe/kolla/config/ironic/policy.yaml b/etc/kayobe/kolla/config/ironic/policy.yaml index e37f33113..b0ea55266 100644 --- a/etc/kayobe/kolla/config/ironic/policy.yaml +++ b/etc/kayobe/kolla/config/ironic/policy.yaml @@ -4,4 +4,4 @@ # GET /nodes/detail # Intended scope(s): system, project # Overridden: added role:admin -"baremetal:node:list_all": "role:admin or (role:reader and system_scope:all) or (role:service and system_scope:all) or rule:service_role" +"baremetal:node:list_all": "role:baremetal_node_list_all or (role:reader and system_scope:all) or (role:service and system_scope:all) or rule:service_role" diff --git a/releasenotes/notes/fix-ironic-horizon-integration-c844d19bd36ed014.yaml b/releasenotes/notes/fix-ironic-horizon-integration-c844d19bd36ed014.yaml new file mode 100644 index 000000000..b789a2f00 --- /dev/null +++ b/releasenotes/notes/fix-ironic-horizon-integration-c844d19bd36ed014.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - | + Users with the admin role can can no longer list all baremetal nodes by + default. This broke horizon as it tries to collect data for any nodes + that it can see. Please add the baremetal_node_list_all role + to any users to want this capability; it is not recommened since + Horizon will remain broken for them. +fixes: + - | + Fixes Horizon Ironic integration which was broken by custom policy.