Merge "Allow purging policy files"

2021-09-20 06:38:19 +00:00
parent 2874b242cc ab183463c3
commit cd0cb0d286
3 changed files with 82 additions and 31 deletions
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -36,12 +36,18 @@
 #   (Optional) Path to the cloudkitty policy folder
 #   Defaults to $::os_service_default
 #
+# [*purge_config*]
+#   (optional) Whether to set only the specified policy rules in the policy
+#    file.
+#    Defaults to false.
+#
 class cloudkitty::policy (
  $enforce_scope        = $::os_service_default,
  $enforce_new_defaults = $::os_service_default,
  $policies             = {},
  $policy_path          = '/etc/cloudkitty/policy.yaml',
  $policy_dirs          = $::os_service_default,
+  $purge_config         = false,
 ) {

  include cloudkitty::deps
@@ -49,14 +55,16 @@ class cloudkitty::policy (

  validate_legacy(Hash, 'validate_hash', $policies)

-  Openstacklib::Policy::Base {
-    file_path   => $policy_path,
-    file_user   => 'root',
-    file_group  => $::cloudkitty::params::group,
-    file_format => 'yaml',
+  $policy_parameters = {
+    policies     => $policies,
+    policy_path  => $policy_path,
+    file_user    => 'root',
+    file_group   => $::cloudkitty::params::group,
+    file_format  => 'yaml',
+    purge_config => $purge_config,
  }

-  create_resources('openstacklib::policy::base', $policies)
+  create_resources('openstacklib::policy', { $policy_path => $policy_parameters })

  oslo::policy { 'cloudkitty_config':
    enforce_scope        => $enforce_scope,
--- a/releasenotes/notes/policy_purge_config-321dc16fa2aab902.yaml
+++ b/releasenotes/notes/policy_purge_config-321dc16fa2aab902.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds new purge_config parameter. When set to true, the policy file is
+    cleared during configuration process. This allows to remove any existing
+    rules before applying them or clean the file when all policies got removed.
--- a/spec/classes/cloudkitty_policy_spec.rb
+++ b/spec/classes/cloudkitty_policy_spec.rb
@@ -2,35 +2,72 @@ require 'spec_helper'

 describe 'cloudkitty::policy' do
  shared_examples 'cloudkitty::policy' do
-    let :params do
-      {
-        :enforce_scope        => false,
-        :enforce_new_defaults => false,
-        :policy_path          => '/etc/cloudkitty/policy.yaml',
-        :policy_dirs          => '/etc/cloudkitty/policy.d',
-        :policies             => {
-          'context_is_admin' => {
-            'key'   => 'context_is_admin',
-            'value' => 'foo:bar'
+
+    context 'setup policy with parameters' do
+      let :params do
+        {
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_path          => '/etc/cloudkitty/policy.yaml',
+          :policy_dirs          => '/etc/cloudkitty/policy.d',
+          :policies             => {
+            'context_is_admin' => {
+              'key'   => 'context_is_admin',
+              'value' => 'foo:bar'
+            }
          }
        }
-      }
+      end
+
+      it 'set up the policies' do
+        is_expected.to contain_openstacklib__policy('/etc/cloudkitty/policy.yaml').with(
+          :policies     => {
+            'context_is_admin' => {
+              'key'   => 'context_is_admin',
+              'value' => 'foo:bar'
+            }
+          },
+          :policy_path  => '/etc/cloudkitty/policy.yaml',
+          :file_user    => 'root',
+          :file_group   => 'cloudkitty',
+          :file_format  => 'yaml',
+          :purge_config => false,
+        )
+        is_expected.to contain_oslo__policy('cloudkitty_config').with(
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_file          => '/etc/cloudkitty/policy.yaml',
+          :policy_dirs          => '/etc/cloudkitty/policy.d',
+        )
+      end
    end

-    it 'set up the policies' do
-      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key         => 'context_is_admin',
-        :value       => 'foo:bar',
-        :file_user   => 'root',
-        :file_group  => 'cloudkitty',
-        :file_format => 'yaml',
-      })
-      is_expected.to contain_oslo__policy('cloudkitty_config').with(
-        :enforce_scope        => false,
-        :enforce_new_defaults => false,
-        :policy_file          => '/etc/cloudkitty/policy.yaml',
-        :policy_dirs          => '/etc/cloudkitty/policy.d',
-      )
+    context 'with empty policies and purge_config enabled' do
+      let :params do
+        {
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_path          => '/etc/cloudkitty/policy.yaml',
+          :policies             => {},
+          :purge_config         => true,
+        }
+      end
+
+      it 'set up the policies' do
+        is_expected.to contain_openstacklib__policy('/etc/cloudkitty/policy.yaml').with(
+          :policies     => {},
+          :policy_path  => '/etc/cloudkitty/policy.yaml',
+          :file_user    => 'root',
+          :file_group   => 'cloudkitty',
+          :file_format  => 'yaml',
+          :purge_config => true,
+        )
+        is_expected.to contain_oslo__policy('cloudkitty_config').with(
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_file          => '/etc/cloudkitty/policy.yaml',
+        )
+      end
    end
  end