policy.json: Allow one to manage them from the puppet module

This commit allow a deployer to manage the policies via this module It relies on augeas to change only the policy needed. The init takes a hash of policies and apply them. Change-Id: I6ee27a1c4c26c73f5954e6462097fb5ed4dbb7ea
2014-09-26 19:03:16 -04:00
parent abd028a5f6
commit c90a835953
4 changed files with 72 additions and 0 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -204,6 +204,7 @@ class glance::api(
  $sql_connection           = false,
 ) inherits glance {

+  include glance::policy
  require keystone::python

  if $mysql_module {
@@ -215,6 +216,7 @@ class glance::api(
  }

  Package[$glance::params::api_package_name] -> File['/etc/glance/']
+  Package[$glance::params::api_package_name] -> Class['glance::policy']
  Package[$glance::params::api_package_name] -> Glance_api_config<||>
  Package[$glance::params::api_package_name] -> Glance_cache_config<||>

@@ -225,6 +227,7 @@ class glance::api(
  Exec<| title == 'glance-manage db_sync' |> ~> Service['glance-api']
  Glance_api_config<||>   ~> Service['glance-api']
  Glance_cache_config<||> ~> Service['glance-api']
+  Class['glance::policy'] ~> Service['glance-api']

  File {
    ensure  => present,
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -0,0 +1,28 @@
+# == Class: glance::policy
+#
+# Configure the glance policies
+#
+# === Parameters
+#
+# [*policies*]
+#   (optional) Set of policies to configure for glance
+#   Example : { 'glance-context_is_admin' => {'context_is_admin' => 'true'}, 'glance-default' => {'default' => 'rule:admin_or_owner'} }
+#   Defaults to empty hash.
+#
+# [*policy_path*]
+#   (optional) Path to the glance policy.json file
+#   Defaults to /etc/glance/policy.json
+#
+class glance::policy (
+  $policies    = {},
+  $policy_path = '/etc/glance/policy.json',
+) {
+
+  Openstacklib::Policy::Base {
+    file_path => $policy_path,
+  }
+  class { 'openstacklib::policy' :
+    policies => $policies,
+  }
+
+}
--- a/spec/classes/glance_api_spec.rb
+++ b/spec/classes/glance_api_spec.rb
@@ -79,6 +79,7 @@ describe 'glance::api' do
      end

      it { should contain_class 'glance' }
+      it { should contain_class 'glance::policy' }

      it { should contain_service('glance-api').with(
        'ensure'     => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped',
--- a/spec/classes/glance_policy_spec.rb
+++ b/spec/classes/glance_policy_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe 'glance::policy' do
+
+  shared_examples_for 'glance policies' do
+    let :params do
+      {
+        :policy_path => '/etc/glance/policy.json',
+        :policies    => {
+          'context_is_admin' => {
+            'key'   => 'context_is_admin',
+            'value' => 'foo:bar'
+          }
+        }
+      }
+    end
+
+    it 'set up the policies' do
+      should contain_class('openstacklib::policy').with({
+        :policies => params[:policies]
+      })
+    end
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+
+    it_configures 'glance policies'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat' }
+    end
+
+    it_configures 'glance policies'
+  end
+end