From b6936383da7d78692a11830bf655b893eef63da9 Mon Sep 17 00:00:00 2001 From: Nenad Radojevic Date: Tue, 19 Jul 2016 13:53:44 +0000 Subject: [PATCH] Configurable policy.json for keystone Copy custom policy.json into keystone container Change-Id: I58787c3dd7adbeff47d0898c23db95f5919510d3 Closes-Bug: #1604431 --- ansible/roles/keystone/tasks/config.yml | 11 +++++++++++ ansible/roles/keystone/templates/keystone.json.j2 | 7 +++++++ 2 files changed, 18 insertions(+) diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml index e64a8d7df2..12c3f47eb3 100644 --- a/ansible/roles/keystone/tasks/config.yml +++ b/ansible/roles/keystone/tasks/config.yml @@ -1,4 +1,8 @@ --- +- name: Check if Policies shall be overwritten + local_action: stat path="{{ node_custom_config }}/keystone/policy.json" + register: keystone_policy + - name: Check if Keystone Domain specific settings enabled local_action: stat path="{{ node_custom_config }}/keystone/domains" register: keystone_domain_cfg @@ -49,6 +53,13 @@ with_fileglob: - "{{ node_custom_config }}/keystone/domains/*" +- name: Copying over existing policy.json + template: + src: "{{ node_custom_config }}/keystone/policy.json" + dest: "{{ node_config_directory }}/keystone/policy.json" + when: + keystone_policy.stat.exists + - name: Copying over wsgi-keystone.conf template: src: "wsgi-keystone.conf.j2" diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2 index 21cc9559ec..acd507ff8a 100644 --- a/ansible/roles/keystone/templates/keystone.json.j2 +++ b/ansible/roles/keystone/templates/keystone.json.j2 @@ -16,6 +16,13 @@ "perm": "0600", "optional": true }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/keystone/policy.json", + "owner": "keystone", + "perm": "0600", + "optional": true + }, { "source": "{{ container_config_directory }}/wsgi-keystone.conf", "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",