From 193858a13ba322a41dee2a9a0231d402ef44041a Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Wed, 10 Jan 2018 14:08:33 -0800
Subject: [PATCH] Add group to policy management

The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: I998405939f2481438eb73b5cee2e595fc34073b5
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
---
 manifests/params.pp                 |  1 +
 manifests/policy.pp                 |  5 ++++-
 spec/classes/freezer_policy_spec.rb | 13 ++++++++-----
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index ee613c8..0730b36 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -8,6 +8,7 @@ class freezer::params {
   $client_package     = 'python-freezerclient'
   $freezer_db_backend = 'elasticsearch'
   $db_sync_command    = 'freezer-manage db sync'
+  $group              = 'freezer'
 
 # TODO: vnogin
 # Test Freezer API wsgi app in Apache
diff --git a/manifests/policy.pp b/manifests/policy.pp
index f4a358a..d0cd5f0 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -29,11 +29,14 @@ class freezer::policy (
 ) {
 
   include ::freezer::deps
+  include ::freezer::params
 
   validate_hash($policies)
 
   Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::freezer::params::group,
   }
 
   create_resources('openstacklib::policy::base', $policies)
diff --git a/spec/classes/freezer_policy_spec.rb b/spec/classes/freezer_policy_spec.rb
index 1afc4de..c176f6d 100644
--- a/spec/classes/freezer_policy_spec.rb
+++ b/spec/classes/freezer_policy_spec.rb
@@ -1,7 +1,8 @@
 require 'spec_helper'
 
 describe 'freezer::policy' do
-  shared_examples_for 'freezer-policies' do
+
+  shared_examples_for 'freezer policies' do
     let :params do
       {
         :policy_path => '/etc/freezer/policy.json',
@@ -16,8 +17,10 @@ describe 'freezer::policy' do
 
     it 'set up the policies' do
       is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'freezer',
       })
       is_expected.to contain_oslo__policy('freezer_config').with(
         :policy_file => '/etc/freezer/policy.json',
@@ -26,14 +29,14 @@ describe 'freezer::policy' do
   end
 
   on_supported_os({
-    :supported_os => OSDefaults.get_supported_os
+    :supported_os   => OSDefaults.get_supported_os
   }).each do |os,facts|
     context "on #{os}" do
       let (:facts) do
         facts.merge!(OSDefaults.get_facts())
       end
 
-      it_behaves_like 'freezer-policies'
+      it_configures 'freezer policies'
     end
   end
 end