Do not remove policy.yaml file

oslo.policy can not handle policy file removal. As a result, if policy overrides were defined at some point, but then removed, causes service outage. While we could add a handler trigger to restart the service on policy removal, it's better to simplify the logic and always place an empty policy.yaml even if no overrides are defined. Change-Id: I3d908eb861b5026d14437780264ec7422646f49f Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
2025-11-14 10:33:16 +01:00
parent d186f8adcc
commit 2e7ffb9e7c
1 changed files with 1 additions and 12 deletions
--- a/tasks/barbican_post_install.yml
+++ b/tasks/barbican_post_install.yml
@@ -39,7 +39,7 @@
    - Restart barbican services
    - Restart uwsgi services

- name: Implement policy.yaml if there are overrides configured
+- name: Place policy.yaml file
  openstack.config_template.config_template:
    content: "{{ barbican_policy_overrides }}"
    dest: "{{ barbican_etc_directory }}/policy.yaml"
@@ -47,20 +47,9 @@
    group: "{{ barbican_system_group_name }}"
    mode: "0640"
    config_type: yaml
-  when:
-    - barbican_policy_overrides | length > 0
  tags:
    - barbican-policy-override

- name: Remove legacy policy.yaml file
-  ansible.builtin.file:
-    path: "{{ barbican_etc_directory }}/policy.yaml"
-    state: absent
-  tags:
-    - barbican-policy-override
-  when:
-    - barbican_policy_overrides | length == 0
-
 - name: Copy user defined libraries
  when: barbican_user_libraries | length > 0
  block: