Configurable policy.json for keystone

Copy custom policy.json into keystone container Change-Id: I58787c3dd7adbeff47d0898c23db95f5919510d3 Closes-Bug: #1604431
2016-07-19 13:53:44 +00:00 · 2016-07-19 13:53:44 +00:00 · b6936383da
parent 85300a4f8f
commit b6936383da
2 changed files with 18 additions and 0 deletions
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@ -1,4 +1,8 @@
 ---
+- name: Check if Policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
+  register: keystone_policy
+
 - name: Check if Keystone Domain specific settings enabled
  local_action: stat path="{{ node_custom_config }}/keystone/domains"
  register: keystone_domain_cfg
@ -49,6 +53,13 @@
  with_fileglob:
    - "{{ node_custom_config }}/keystone/domains/*"

+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/keystone/policy.json"
+    dest: "{{ node_config_directory }}/keystone/policy.json"
+  when:
+    keystone_policy.stat.exists
+
 - name: Copying over wsgi-keystone.conf
  template:
    src: "wsgi-keystone.conf.j2"
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@ -16,6 +16,13 @@
            "perm": "0600",
            "optional": true
        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/keystone/policy.json",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
        {
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",