Support policy.yaml file [part 8]

- Horizon

This will copy only yaml or json policy file if they exist.

Change-Id: Ib8875ca54dc9dc69abc8338413f7724d9d4ecc45
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This commit is contained in:
Dai Dang Van 2018-01-11 10:39:36 +07:00
parent 574c68b375
commit 6d49dbb48a
4 changed files with 67 additions and 41 deletions

View File

@ -12,6 +12,39 @@
- item.value.enabled | bool
with_dict: "{{ horizon_services }}"
- set_fact:
custom_policy: []
- include: policy_item.yml
vars:
project_name: "{{ item.name }}"
when: item.enabled | bool
with_items:
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "congress", enabled: "{{ enable_congress }}" }
- { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
- { name: "designate", enabled: "{{ enable_horizon_designate }}" }
- { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "heat", enabled: "{{ enable_heat }}" }
- { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
- { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
- { name: "neutron", enabled: "{{ enable_neutron }}" }
- { name: "nova", enabled: "{{ enable_nova }}" }
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
- { name: "solum", enabled: "{{ enable_horizon_solum }}" }
- { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
- { name: "trove", enabled: "{{ enable_horizon_trove }}" }
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
- name: Copying over config.json files for services
become: true
vars:
@ -65,51 +98,19 @@
notify:
- Restart horizon container
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/horizon/{{ item.name }}_policy.json"
run_once: True
register: custom_policy
when: item.enabled | bool
with_items:
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
- { name: "designate", enabled: "{{ enable_horizon_designate }}" }
- { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "heat", enabled: "{{ enable_heat }}" }
- { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
- { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
- { name: "neutron", enabled: "{{ enable_neutron }}" }
- { name: "nova", enabled: "{{ enable_nova }}" }
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
- { name: "solum", enabled: "{{ enable_horizon_solum }}" }
- { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
- { name: "trove", enabled: "{{ enable_horizon_trove }}" }
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
- name: Copying over existing policy.json
- name: Copying over existing policy file
become: true
vars:
horizon: "{{ horizon_services['horizon'] }}"
template:
src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json"
dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json"
src: "{{ item }}"
dest: "{{ node_config_directory }}/horizon/{{ item | basename }}"
mode: "0660"
register: policy_jsons
when:
- horizon.enabled | bool
- inventory_hostname in groups[horizon.group]
- item.item.enabled | bool
- item.stat.exists
with_items: "{{ custom_policy.results }}"
with_items: "{{ custom_policy }}"
notify:
- Restart horizon container

View File

@ -0,0 +1,22 @@
---
# Update policy file name
- set_fact:
supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ fullpath }}"
run_once: True
register: overwritten_files
with_first_found:
- files: "{{ supported_policy_files }}"
paths:
- "{{ node_custom_config }}/horizon/"
skip: true
loop_control:
loop_var: fullpath
- set_fact:
custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]"
when:
- overwritten_files.results

View File

@ -36,13 +36,12 @@
"owner": "horizon",
"perm": "0600"
},
{% for service, enabled in services if enabled | bool %}
{% for path in custom_policy %}
{
"source": "{{ container_config_directory }}/{{ service }}_policy.json",
"dest": "/etc/openstack-dashboard/{{ service }}_policy.json",
"source": "{{ container_config_directory }}/{{ path | basename }}",
"dest": "/etc/openstack-dashboard/{{ path | basename }}",
"owner": "horizon",
"perm": "0600",
"optional": true
"perm": "0600"
},
{% endfor %}
{

View File

@ -70,6 +70,9 @@ def check_json_j2():
def bool_filter(value):
return True
def basename_filter(text):
return text.split('\\')[-1]
# Mock ansible hostvars variable, which is a nested dict
def hostvars():
return collections.defaultdict(hostvars)
@ -82,6 +85,7 @@ def check_json_j2():
env = jinja2.Environment( # nosec: not used to render HTML
loader=jinja2.FileSystemLoader(root))
env.filters['bool'] = bool_filter
env.filters['basename'] = basename_filter
template = env.get_template(filename)
# Mock ansible variables.
context = {