Remove policy json file

Remove the policy.json template, as they contain no templated variables. This would allow use of the policy.json files provided via the package, and decrease the need to sync them with upstream Change-Id: I2e4e3b5ed25b1449678e33dbd4ea45fcb6cac946 Implements: blueprint remove-policy-templates
2014-04-17 11:18:56 -05:00 · 2014-04-17 11:18:56 -05:00 · 3839660292
parent 8d2cc01705
commit 3839660292
10 changed files with 4 additions and 102 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,9 @@
 # CHANGELOG for cookbook-openstack-orchestration

 This file is used to list changes made in each version of cookbook-openstack-orchestration
+## 9.0.1
+* Remove policy file
+
 ## 9.0.0
 * Upgrade to Icehouse

--- a/metadata.rb
+++ b/metadata.rb
@ -4,7 +4,7 @@ maintainer        'IBM, Inc.'
 license           'Apache 2.0'
 description       'Installs and configures the Heat Service'
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version           '9.0.0'
+version           '9.0.1'
 recipe            'openstack-orchestration::api', 'Start and configure the Heat API service'
 recipe            'openstack-orchestration::api-cfn', 'Start and configure the Heat API CloudFormation service'
 recipe            'openstack-orchestration::api-cloudwatch', 'Start and configure the Heat API CloudWatch service'
--- a/recipes/api-cfn.rb
+++ b/recipes/api-cfn.rb
@ -45,11 +45,3 @@ template '/etc/heat/api-paste.ini' do
  mode   00644
  notifies :restart, 'service[heat-api-cfn]', :immediately
 end
-
-template '/etc/heat/policy.json' do
-  source 'policy.json.erb'
-  group  node['openstack']['orchestration']['group']
-  owner  node['openstack']['orchestration']['user']
-  mode   00644
-  notifies :restart, 'service[heat-api-cfn]', :immediately
-end
--- a/recipes/api-cloudwatch.rb
+++ b/recipes/api-cloudwatch.rb
@ -49,11 +49,3 @@ template '/etc/heat/api-paste.ini' do
  mode   00644
  notifies :restart, 'service[heat-api-cloudwatch]', :immediately
 end
-
-template '/etc/heat/policy.json' do
-  source 'policy.json.erb'
-  group  node['openstack']['orchestration']['group']
-  owner  node['openstack']['orchestration']['user']
-  mode   00644
-  notifies :restart, 'service[heat-api-cloudwatch]', :immediately
-end
--- a/recipes/api.rb
+++ b/recipes/api.rb
@ -45,11 +45,3 @@ template '/etc/heat/api-paste.ini' do
  mode   00644
  notifies :restart, 'service[heat-api]', :immediately
 end
-
-template '/etc/heat/policy.json' do
-  source 'policy.json.erb'
-  group  node['openstack']['orchestration']['group']
-  owner  node['openstack']['orchestration']['user']
-  mode   00644
-  notifies :restart, 'service[heat-api]', :immediately
-end
--- a/spec/api-cfn-redhat_spec.rb
+++ b/spec/api-cfn-redhat_spec.rb
@ -21,8 +21,6 @@ describe 'openstack-orchestration::api-cfn' do

    expect_creates_api_paste 'service[heat-api-cfn]'

-    expect_creates_policy_json 'service[heat-api-cfn]', 'heat', 'heat'
-
    it 'starts heat api-cfn on boot' do
      expect(@chef_run).to enable_service('openstack-heat-api-cfn')
    end
--- a/spec/api-cloudwatch-redhat_spec.rb
+++ b/spec/api-cloudwatch-redhat_spec.rb
@ -21,8 +21,6 @@ describe 'openstack-orchestration::api-cloudwatch' do

    expect_creates_api_paste 'service[heat-api-cloudwatch]'

-    expect_creates_policy_json 'service[heat-api-cloudwatch]', 'heat', 'heat'
-
    it 'starts heat api-cloudwatch on boot' do
      expect(@chef_run).to enable_service('openstack-heat-api-cloudwatch')
    end
--- a/spec/api-redhat_spec.rb
+++ b/spec/api-redhat_spec.rb
@ -21,8 +21,6 @@ describe 'openstack-orchestration::api' do

    expect_creates_api_paste 'service[heat-api]'

-    expect_creates_policy_json 'service[heat-api]', 'heat', 'heat'
-
    it 'starts heat api on boot' do
      expect(@chef_run).to enable_service('openstack-heat-api')
    end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -86,24 +86,3 @@ def expect_creates_api_paste(service, action = :restart) # rubocop:disable Metho
    end
  end
 end
-
-def expect_creates_policy_json(service, user, group, action = :restart) # rubocop:disable MethodLength
-  describe 'policy.json' do
-    before do
-      @template = @chef_run.template '/etc/heat/policy.json'
-    end
-
-    it 'has proper owner' do
-      expect(@template.owner).to eq(user)
-      expect(@template.group).to eq(group)
-    end
-
-    it 'has proper modes' do
-      expect(sprintf('%o', @template.mode)).to eq '644'
-    end
-
-    it 'notifies service restart' do
-      expect(@template).to notify(service).to(action)
-    end
-  end
-end
--- a/templates/default/policy.json.erb
+++ b/templates/default/policy.json.erb
@ -1,50 +0,0 @@
-{
-    "context_is_admin":  "role:admin",
-    "deny_stack_user": "not role:heat_stack_user",
-
-    "cloudformation:ListStacks": "rule:deny_stack_user",
-    "cloudformation:CreateStack": "rule:deny_stack_user",
-    "cloudformation:DescribeStacks": "rule:deny_stack_user",
-    "cloudformation:DeleteStack": "rule:deny_stack_user",
-    "cloudformation:UpdateStack": "rule:deny_stack_user",
-    "cloudformation:DescribeStackEvents": "rule:deny_stack_user",
-    "cloudformation:ValidateTemplate": "rule:deny_stack_user",
-    "cloudformation:GetTemplate": "rule:deny_stack_user",
-    "cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
-    "cloudformation:DescribeStackResource": "",
-    "cloudformation:DescribeStackResources": "rule:deny_stack_user",
-    "cloudformation:ListStackResources": "rule:deny_stack_user",
-
-    "cloudwatch:DeleteAlarms": "rule:deny_stack_user",
-    "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
-    "cloudwatch:DescribeAlarms": "rule:deny_stack_user",
-    "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
-    "cloudwatch:DisableAlarmActions": "rule:deny_stack_user",
-    "cloudwatch:EnableAlarmActions": "rule:deny_stack_user",
-    "cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
-    "cloudwatch:ListMetrics": "rule:deny_stack_user",
-    "cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
-    "cloudwatch:PutMetricData": "",
-    "cloudwatch:SetAlarmState": "rule:deny_stack_user",
-
-    "actions:action": "rule:deny_stack_user",
-    "build_info:build_info": "rule:deny_stack_user",
-    "events:index": "rule:deny_stack_user",
-    "events:show": "rule:deny_stack_user",
-    "resource:index": "rule:deny_stack_user",
-    "resource:metadata": "",
-    "resource:show": "rule:deny_stack_user",
-    "stacks:abandon": "rule:deny_stack_user",
-    "stacks:create": "rule:deny_stack_user",
-    "stacks:delete": "rule:deny_stack_user",
-    "stacks:detail": "rule:deny_stack_user",
-    "stacks:generate_template": "rule:deny_stack_user",
-    "stacks:index": "rule:deny_stack_user",
-    "stacks:list_resource_types": "rule:deny_stack_user",
-    "stacks:lookup": "rule:deny_stack_user",
-    "stacks:resource_schema": "rule:deny_stack_user",
-    "stacks:show": "rule:deny_stack_user",
-    "stacks:template": "rule:deny_stack_user",
-    "stacks:update": "rule:deny_stack_user",
-    "stacks:validate_template": "rule:deny_stack_user"
-}