3bc17a62f9
The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Change-Id: I2101ddb29e48733a5a5982daafe074ce1c983e9c Co-Authored-By: Alex Schultz <aschultz@redhat.com>
49 lines
1.1 KiB
Puppet
49 lines
1.1 KiB
Puppet
# == Class: glance::policy
|
|
#
|
|
# Configure the glance policies
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*policies*]
|
|
# (optional) Set of policies to configure for glance
|
|
# Example :
|
|
# {
|
|
# 'glance-context_is_admin' => {
|
|
# 'key' => 'context_is_admin',
|
|
# 'value' => 'true'
|
|
# },
|
|
# 'glance-default' => {
|
|
# 'key' => 'default',
|
|
# 'value' => 'rule:admin_or_owner'
|
|
# }
|
|
# }
|
|
# Defaults to empty hash.
|
|
#
|
|
# [*policy_path*]
|
|
# (optional) Path to the glance policy.json file
|
|
# Defaults to /etc/glance/policy.json
|
|
#
|
|
class glance::policy (
|
|
$policies = {},
|
|
$policy_path = '/etc/glance/policy.json',
|
|
) {
|
|
|
|
include ::glance::deps
|
|
include ::glance::params
|
|
|
|
validate_hash($policies)
|
|
|
|
Openstacklib::Policy::Base {
|
|
file_path => $policy_path,
|
|
file_user => 'root',
|
|
file_group => $::glance::params::group,
|
|
require => Anchor['glance::config::begin'],
|
|
notify => Anchor['glance::config::end'],
|
|
}
|
|
|
|
create_resources('openstacklib::policy::base', $policies)
|
|
|
|
oslo::policy { ['glance_api_config', 'glance_registry_config']: policy_file => $policy_path }
|
|
|
|
}
|