Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced by yaml[1]. [1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Currently stable version of Gnocchi (either 4.3 or 4.4) doesn't have policy rules implemented in code and provides its default policy rules written in json format. Thus we explicitly need to convert the json file to a yaml file so that Gnochi services can read the default rules. Depends-on: https://review.opendev.org/769647 Change-Id: Iba79229c293aae0718812e6520b2cddaa25066dc
This commit is contained in:
parent
2439d4c0ca
commit
c5484cf9ee
|
@ -20,12 +20,12 @@
|
|||
# Defaults to empty hash.
|
||||
#
|
||||
# [*policy_path*]
|
||||
# (Optional) Path to the nova policy.json file
|
||||
# Defaults to /etc/gnocchi/policy.json
|
||||
# (Optional) Path to the nova policy.yaml file
|
||||
# Defaults to /etc/gnocchi/policy.yaml
|
||||
#
|
||||
class gnocchi::policy (
|
||||
$policies = {},
|
||||
$policy_path = '/etc/gnocchi/policy.json',
|
||||
$policy_path = '/etc/gnocchi/policy.yaml',
|
||||
) {
|
||||
|
||||
include gnocchi::deps
|
||||
|
@ -33,10 +33,22 @@ class gnocchi::policy (
|
|||
|
||||
validate_legacy(Hash, 'validate_hash', $policies)
|
||||
|
||||
# TODO(tkajinam): Remove this once version with policy-in-code implementation
|
||||
# is released.
|
||||
exec { 'gnocci-oslopolicy-convert-json-to-yaml':
|
||||
command => "oslopolicy-convert-json-to-yaml --namespace gnocchi --policy-file /etc/gnocchi/policy.json --output-file ${policy_path}",
|
||||
unless => "test -f ${policy_path}",
|
||||
path => ['/bin','/usr/bin','/usr/local/bin'],
|
||||
require => Anchor['gnocchi::install::end'],
|
||||
}
|
||||
Exec<| title == 'gnocchi-oslopolicy-convert-json-to-yaml' |>
|
||||
-> File<| title == $policy_path |>
|
||||
|
||||
Openstacklib::Policy::Base {
|
||||
file_path => $policy_path,
|
||||
file_user => 'root',
|
||||
file_group => $::gnocchi::params::group,
|
||||
file_path => $policy_path,
|
||||
file_user => 'root',
|
||||
file_group => $::gnocchi::params::group,
|
||||
file_format => 'yaml',
|
||||
}
|
||||
|
||||
create_resources('openstacklib::policy::base', $policies)
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
Now policy.yaml is used by default instead of policy.json.
|
|
@ -5,7 +5,7 @@ describe 'gnocchi::policy' do
|
|||
shared_examples_for 'gnocchi policies' do
|
||||
let :params do
|
||||
{
|
||||
:policy_path => '/etc/gnocchi/policy.json',
|
||||
:policy_path => '/etc/gnocchi/policy.yaml',
|
||||
:policies => {
|
||||
'context_is_admin' => {
|
||||
'key' => 'context_is_admin',
|
||||
|
@ -17,13 +17,14 @@ describe 'gnocchi::policy' do
|
|||
|
||||
it 'set up the policies' do
|
||||
is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
|
||||
:key => 'context_is_admin',
|
||||
:value => 'foo:bar',
|
||||
:file_user => 'root',
|
||||
:file_group => 'gnocchi',
|
||||
:key => 'context_is_admin',
|
||||
:value => 'foo:bar',
|
||||
:file_user => 'root',
|
||||
:file_group => 'gnocchi',
|
||||
:file_format => 'yaml',
|
||||
})
|
||||
is_expected.to contain_oslo__policy('gnocchi_config').with(
|
||||
:policy_file => '/etc/gnocchi/policy.json',
|
||||
:policy_file => '/etc/gnocchi/policy.yaml',
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue