openstack
/
puppet-ec2api
Code Issues Proposed changes

Expose policy_default_rule 

The option has been managed by the underlying puppet-oslo module but
has not bee configurable. This introduces the parameter to customize
the option.

Change-Id: I2382514189617edb9454c3d9e8b5f15de9c96237
This commit is contained in:
Takashi Kajinami 2023-01-23 14:21:21 +09:00
parent af01001c62
commit 7b72e641ff
3 changed files with 43 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
manifests/policy.pp
View File

@ -1,6 +1,6 @@
# == Class: ec2api::policy
# == Class: designate::policy
#
# Configure the ec2api policies
# Configure the designate policies
#
# === Parameters
#
@ -14,14 +14,14 @@
# Defaults to $::os_service_default.
#
# [*policies*]
# (Optional) Set of policies to configure for ec2api
# (Optional) Set of policies to configure for designate
# Example :
# {
# 'ec2api-context_is_admin' => {
# 'designate-context_is_admin' => {
# 'key' => 'context_is_admin',
# 'value' => 'true'
# },
# 'ec2api-default' => {
# 'designate-default' => {
# 'key' => 'default',
# 'value' => 'rule:admin_or_owner'
# }
@ -29,11 +29,15 @@
# Defaults to empty hash.
#
# [*policy_path*]
# (Optional) Path to the ec2api policy.yaml file
# Defaults to /etc/ec2api/policy.yaml
# (Optional) Path to the designate policy.yaml file
# Defaults to /etc/designate/policy.yaml
#
# [*policy_default_rule*]
# (Optional) Default rule. Enforced when a requested rule is not found.
# Defaults to $::os_service_default.
#
# [*policy_dirs*]
# (Optional) Path to the ec2api policy folder
# (Optional) Path to the designate policy folder
# Defaults to $::os_service_default
#
# [*purge_config*]
@ -41,17 +45,18 @@
# file.
# Defaults to false.
#
class ec2api::policy (
class designate::policy (
$enforce_scope = $::os_service_default,
$enforce_new_defaults = $::os_service_default,
$policies = {},
$policy_path = '/etc/ec2api/policy.yaml',
$policy_path = '/etc/designate/policy.yaml',
$policy_default_rule = $::os_service_default,
$policy_dirs = $::os_service_default,
$purge_config = false,
) {
include ec2api::deps
include ec2api::params
include designate::deps
include designate::params
validate_legacy(Hash, 'validate_hash', $policies)
@ -59,17 +64,18 @@ class ec2api::policy (
policies => $policies,
policy_path => $policy_path,
file_user => 'root',
file_group => $::ec2api::params::group,
file_group => $::designate::params::group,
file_format => 'yaml',
purge_config => $purge_config,
}
create_resources('openstacklib::policy', { $policy_path => $policy_parameters })
oslo::policy { 'ec2api_config':
oslo::policy { 'designate_config':
enforce_scope => $enforce_scope,
enforce_new_defaults => $enforce_new_defaults,
policy_file => $policy_path,
policy_default_rule => $policy_default_rule,
policy_dirs => $policy_dirs,
}

4
releasenotes/notes/policy_default_rule-f461d05743ac14b3.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
The new ``designate::policy::policy_default_rule`` parameter has been added.

36
spec/classes/ec2api_policy_spec.rb
View File

@ -1,15 +1,16 @@
require 'spec_helper'
describe 'ec2api::policy' do
shared_examples 'ec2api::policy' do
describe 'designate::policy' do
shared_examples 'designate::policy' do
context 'setup policy with parameters' do
let :params do
{
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_path => '/etc/ec2api/policy.yaml',
:policy_dirs => '/etc/ec2api/policy.d',
:policy_path => '/etc/designate/policy.yaml',
:policy_default_rule => 'default',
:policy_dirs => '/etc/designate/policy.d',
:policies => {
'context_is_admin' => {
'key' => 'context_is_admin',
@ -20,24 +21,25 @@ describe 'ec2api::policy' do
end
it 'set up the policies' do
is_expected.to contain_openstacklib__policy('/etc/ec2api/policy.yaml').with(
is_expected.to contain_openstacklib__policy('/etc/designate/policy.yaml').with(
:policies => {
'context_is_admin' => {
'key' => 'context_is_admin',
'value' => 'foo:bar'
}
},
:policy_path => '/etc/ec2api/policy.yaml',
:policy_path => '/etc/designate/policy.yaml',
:file_user => 'root',
:file_group => 'ec2api',
:file_group => 'designate',
:file_format => 'yaml',
:purge_config => false,
)
is_expected.to contain_oslo__policy('ec2api_config').with(
is_expected.to contain_oslo__policy('designate_config').with(
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_file => '/etc/ec2api/policy.yaml',
:policy_dirs => '/etc/ec2api/policy.d',
:policy_file => '/etc/designate/policy.yaml',
:policy_default_rule => 'default',
:policy_dirs => '/etc/designate/policy.d',
)
end
end
@ -47,25 +49,25 @@ describe 'ec2api::policy' do
{
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_path => '/etc/ec2api/policy.yaml',
:policy_path => '/etc/designate/policy.yaml',
:policies => {},
:purge_config => true,
}
end
it 'set up the policies' do
is_expected.to contain_openstacklib__policy('/etc/ec2api/policy.yaml').with(
is_expected.to contain_openstacklib__policy('/etc/designate/policy.yaml').with(
:policies => {},
:policy_path => '/etc/ec2api/policy.yaml',
:policy_path => '/etc/designate/policy.yaml',
:file_user => 'root',
:file_group => 'ec2api',
:file_group => 'designate',
:file_format => 'yaml',
:purge_config => true,
)
is_expected.to contain_oslo__policy('ec2api_config').with(
is_expected.to contain_oslo__policy('designate_config').with(
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_file => '/etc/ec2api/policy.yaml',
:policy_file => '/etc/designate/policy.yaml',
)
end
end
@ -79,7 +81,7 @@ describe 'ec2api::policy' do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ec2api::policy'
it_behaves_like 'designate::policy'
end
end
end