Comment 3 for bug 1633090

Steven Hardy (shardy) wrote :

Ok so we need some way to j2 template the resource_registry entries in network-isolation.yaml, similar to https://review.openstack.org/#/c/378735/

The missing piece we have here is a way to easily define which role has access to which network (roles_data.yaml doesn't contain this information; only the operator really knows what a sane mapping of networks to roles will be, in the case of operator-defined custom roles).

My initial assumption was that folks would simply pass an environment file (which overrides the default noop mappings) based on knowledge of the roles they're defining, but it seems the request here is to somehow "automatically" wire this in via roles_data.yaml?

If we do that, what would a reasonable default mapping in network-isolation.yaml look like for user-defined roles? Just wire all networks in to all user-defined roles?