Add group to policy management

The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed Change-Id: I3b4d162e4ba79f1dcc9e98e7a600b3b3203018f3 Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-10 14:07:50 -08:00 · 2018-01-10 14:07:50 -08:00 · f03bc45b99
parent f562bff73e
commit f03bc45b99
3 changed files with 24 additions and 12 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -12,6 +12,7 @@ class ceilometer::params {
  $event_pipeline      = '/etc/ceilometer/event_pipeline.yaml'
  $pipeline            = '/etc/ceilometer/pipeline.yaml'
  $polling             = '/etc/ceilometer/polling.yaml'
+  $group               = 'ceilometer'

  case $::osfamily {
    'RedHat': {
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -2,18 +2,25 @@
 #
 # Configure the ceilometer policies
 #
-# === Parameters:
+# === Parameters
 #
 # [*policies*]
-#   (Optional) Set of policies to configure for ceilometer
-#   Example : {
-#               'ceilometer-context_is_admin' => {'context_is_admin' => 'true'},
-#               'ceilometer-default' => {'default' => 'rule:admin_or_owner'}
-#             }
+#   (optional) Set of policies to configure for ceilometer
+#   Example :
+#     {
+#       'ceilometer-context_is_admin' => {
+#         'key' => 'context_is_admin',
+#         'value' => 'true'
+#       },
+#       'ceilometer-default' => {
+#         'key' => 'default',
+#         'value' => 'rule:admin_or_owner'
+#       }
+#     }
 #   Defaults to empty hash.
 #
 # [*policy_path*]
-#   (Optional) Path to the ceilometer policy.json file
+#   (optional) Path to the ceilometer policy.json file
 #   Defaults to /etc/ceilometer/policy.json
 #
 class ceilometer::policy (
@ -22,11 +29,14 @@ class ceilometer::policy (
 ) {

  include ::ceilometer::deps
+  include ::ceilometer::params

  validate_hash($policies)

  Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::ceilometer::params::group,
  }

  create_resources('openstacklib::policy::base', $policies)
--- a/spec/classes/ceilometer_policy_spec.rb
+++ b/spec/classes/ceilometer_policy_spec.rb
@ -17,8 +17,10 @@ describe 'ceilometer::policy' do

    it 'set up the policies' do
      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'ceilometer',
      })
      is_expected.to contain_oslo__policy('ceilometer_config').with(
        :policy_file => '/etc/ceilometer/policy.json',
@ -34,8 +36,7 @@ describe 'ceilometer::policy' do
        facts.merge!(OSDefaults.get_facts())
      end

-      it_behaves_like 'ceilometer policies'
+      it_configures 'ceilometer policies'
    end
  end
-
 end