Support policy.yaml file [part 8]

- Horizon This will copy only yaml or json policy file if they exist. Change-Id: Ib8875ca54dc9dc69abc8338413f7724d9d4ecc45 Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
2018-01-11 10:39:36 +07:00 · 2018-01-11 10:39:36 +07:00 · 6d49dbb48a
parent 574c68b375
commit 6d49dbb48a
4 changed files with 67 additions and 41 deletions
--- a/ansible/roles/horizon/tasks/config.yml
+++ b/ansible/roles/horizon/tasks/config.yml
@ -12,6 +12,39 @@
    - item.value.enabled | bool
  with_dict: "{{ horizon_services }}"

+- set_fact:
+   custom_policy: []
+
+- include: policy_item.yml
+  vars:
+    project_name: "{{ item.name }}"
+  when: item.enabled | bool
+  with_items:
+    - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
+    - { name: "cinder", enabled: "{{ enable_cinder }}" }
+    - { name: "congress", enabled: "{{ enable_congress }}" }
+    - { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
+    - { name: "designate", enabled: "{{ enable_horizon_designate }}" }
+    - { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
+    - { name: "glance", enabled: "{{ enable_glance }}" }
+    - { name: "heat", enabled: "{{ enable_heat }}" }
+    - { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
+    - { name: "keystone", enabled: "{{ enable_keystone }}" }
+    - { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
+    - { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
+    - { name: "manila", enabled: "{{ enable_horizon_manila }}" }
+    - { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
+    - { name: "murano", enabled: "{{ enable_horizon_murano }}" }
+    - { name: "neutron", enabled: "{{ enable_neutron }}" }
+    - { name: "nova", enabled: "{{ enable_nova }}" }
+    - { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
+    - { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
+    - { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
+    - { name: "solum", enabled: "{{ enable_horizon_solum }}" }
+    - { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
+    - { name: "trove", enabled: "{{ enable_horizon_trove }}" }
+    - { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
+
 - name: Copying over config.json files for services
  become: true
  vars:
@ -65,51 +98,19 @@
  notify:
    - Restart horizon container

- name: Check if policies shall be overwritten
-  local_action: stat path="{{ node_custom_config }}/horizon/{{ item.name }}_policy.json"
-  run_once: True
-  register: custom_policy
-  when: item.enabled | bool
-  with_items:
-    - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
-    - { name: "cinder", enabled: "{{ enable_cinder }}" }
-    - { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
-    - { name: "designate", enabled: "{{ enable_horizon_designate }}" }
-    - { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
-    - { name: "glance", enabled: "{{ enable_glance }}" }
-    - { name: "heat", enabled: "{{ enable_heat }}" }
-    - { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
-    - { name: "keystone", enabled: "{{ enable_keystone }}" }
-    - { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
-    - { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
-    - { name: "manila", enabled: "{{ enable_horizon_manila }}" }
-    - { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
-    - { name: "murano", enabled: "{{ enable_horizon_murano }}" }
-    - { name: "neutron", enabled: "{{ enable_neutron }}" }
-    - { name: "nova", enabled: "{{ enable_nova }}" }
-    - { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
-    - { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
-    - { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
-    - { name: "solum", enabled: "{{ enable_horizon_solum }}" }
-    - { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
-    - { name: "trove", enabled: "{{ enable_horizon_trove }}" }
-    - { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
-
- name: Copying over existing policy.json
+- name: Copying over existing policy file
  become: true
  vars:
    horizon: "{{ horizon_services['horizon'] }}"
  template:
-    src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json"
-    dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json"
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/horizon/{{ item | basename }}"
    mode: "0660"
  register: policy_jsons
  when:
    - horizon.enabled | bool
    - inventory_hostname in groups[horizon.group]
-    - item.item.enabled | bool
-    - item.stat.exists
-  with_items: "{{ custom_policy.results }}"
+  with_items: "{{ custom_policy }}"
  notify:
    - Restart horizon container

--- a/ansible/roles/horizon/tasks/policy_item.yml
+++ b/ansible/roles/horizon/tasks/policy_item.yml
@ -0,0 +1,22 @@
+---
+
+# Update policy file name
+- set_fact:
+    supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ fullpath }}"
+  run_once: True
+  register: overwritten_files
+  with_first_found:
+    - files: "{{ supported_policy_files }}"
+      paths:
+        - "{{ node_custom_config }}/horizon/"
+      skip: true
+  loop_control:
+    loop_var: fullpath
+
+- set_fact:
+    custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]"
+  when:
+    - overwritten_files.results
--- a/ansible/roles/horizon/templates/horizon.json.j2
+++ b/ansible/roles/horizon/templates/horizon.json.j2
@ -36,13 +36,12 @@
            "owner": "horizon",
            "perm": "0600"
        },
-{% for service, enabled in services if enabled | bool %}
+{% for path in custom_policy %}
        {
-            "source": "{{ container_config_directory }}/{{ service }}_policy.json",
-            "dest": "/etc/openstack-dashboard/{{ service }}_policy.json",
+            "source": "{{ container_config_directory }}/{{ path | basename }}",
+            "dest": "/etc/openstack-dashboard/{{ path | basename }}",
            "owner": "horizon",
-            "perm": "0600",
-            "optional": true
+            "perm": "0600"
        },
 {% endfor %}
        {
--- a/tools/validate-all-file.py
+++ b/tools/validate-all-file.py
@ -70,6 +70,9 @@ def check_json_j2():
    def bool_filter(value):
        return True

+    def basename_filter(text):
+        return text.split('\\')[-1]
+
    # Mock ansible hostvars variable, which is a nested dict
    def hostvars():
        return collections.defaultdict(hostvars)
@ -82,6 +85,7 @@ def check_json_j2():
        env = jinja2.Environment(  # nosec: not used to render HTML
            loader=jinja2.FileSystemLoader(root))
        env.filters['bool'] = bool_filter
+        env.filters['basename'] = basename_filter
        template = env.get_template(filename)
        # Mock ansible variables.
        context = {