Merge "Allow customizing policy files"
This commit is contained in:
commit
83ac80ed9d
|
@ -33,11 +33,16 @@
|
||||||
# (optional) Concurrency to retrieve response from template generator.
|
# (optional) Concurrency to retrieve response from template generator.
|
||||||
# Defualts to 2
|
# Defualts to 2
|
||||||
#
|
#
|
||||||
|
# [*policies*]
|
||||||
|
# (optional) Set of policies to configure.
|
||||||
|
# Defaults to undef
|
||||||
|
#
|
||||||
class horizon::dashboards::heat(
|
class horizon::dashboards::heat(
|
||||||
$enable_user_pass = true,
|
$enable_user_pass = true,
|
||||||
$policy_file = 'heat_policy.yaml',
|
$policy_file = 'heat_policy.yaml',
|
||||||
$template_generator_api_timeout = 60,
|
$template_generator_api_timeout = 60,
|
||||||
$template_generator_api_parallel = 2,
|
$template_generator_api_parallel = 2,
|
||||||
|
$policies = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include horizon::deps
|
include horizon::deps
|
||||||
|
@ -81,4 +86,19 @@ class horizon::dashboards::heat(
|
||||||
content => template('horizon/_1699_orchestration_settings.py.erb'),
|
content => template('horizon/_1699_orchestration_settings.py.erb'),
|
||||||
order => '50',
|
order => '50',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $policies != undef {
|
||||||
|
# The horizon::policy class should be included so that some common
|
||||||
|
# parameters about policy management can be picked here
|
||||||
|
if !defined(Class[horizon::policy]){
|
||||||
|
fail('The horizon::policy class should be include in advance to customize policies')
|
||||||
|
}
|
||||||
|
|
||||||
|
horizon::policy::base { $policy_file_real:
|
||||||
|
policies => $policies,
|
||||||
|
file_mode => $::horizon::policy::file_mode,
|
||||||
|
file_format => $::horizon::policy::file_format,
|
||||||
|
purge_config => $::horizon::policy::purge_config,
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,9 +32,14 @@
|
||||||
# 'enable_public_shares': Boolean
|
# 'enable_public_shares': Boolean
|
||||||
# 'enabled_share_protocols': Array
|
# 'enabled_share_protocols': Array
|
||||||
#
|
#
|
||||||
|
# [*policies*]
|
||||||
|
# (optional) Set of policies to configure.
|
||||||
|
# Defaults to undef
|
||||||
|
#
|
||||||
class horizon::dashboards::manila(
|
class horizon::dashboards::manila(
|
||||||
$policy_file = 'manila_policy.yaml',
|
$policy_file = 'manila_policy.yaml',
|
||||||
$manila_options = {}
|
$manila_options = {},
|
||||||
|
$policies = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include horizon::deps
|
include horizon::deps
|
||||||
|
@ -90,4 +95,19 @@ class horizon::dashboards::manila(
|
||||||
content => template('horizon/_90_manila_shares.py.erb'),
|
content => template('horizon/_90_manila_shares.py.erb'),
|
||||||
order => '50',
|
order => '50',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $policies != undef {
|
||||||
|
# The horizon::policy class should be included so that some common
|
||||||
|
# parameters about policy management can be picked here
|
||||||
|
if !defined(Class[horizon::policy]){
|
||||||
|
fail('The horizon::policy class should be include in advance to customize policies')
|
||||||
|
}
|
||||||
|
|
||||||
|
horizon::policy::base { $policy_file_real:
|
||||||
|
policies => $policies,
|
||||||
|
file_mode => $::horizon::policy::file_mode,
|
||||||
|
file_format => $::horizon::policy::file_format,
|
||||||
|
purge_config => $::horizon::policy::purge_config,
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,8 +21,13 @@
|
||||||
# (optional) Local copy of service policy files.
|
# (optional) Local copy of service policy files.
|
||||||
# Defaults to 'octavia_policy.yaml'
|
# Defaults to 'octavia_policy.yaml'
|
||||||
#
|
#
|
||||||
|
# [*policies*]
|
||||||
|
# (optional) Set of policies to configure.
|
||||||
|
# Defaults to undef
|
||||||
|
#
|
||||||
class horizon::dashboards::octavia(
|
class horizon::dashboards::octavia(
|
||||||
$policy_file = 'octavia_policy.yaml',
|
$policy_file = 'octavia_policy.yaml',
|
||||||
|
$policies = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include horizon::deps
|
include horizon::deps
|
||||||
|
@ -65,4 +70,19 @@ class horizon::dashboards::octavia(
|
||||||
content => template('horizon/_1499_load_balancer_settings.py.erb'),
|
content => template('horizon/_1499_load_balancer_settings.py.erb'),
|
||||||
order => '50',
|
order => '50',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $policies != undef {
|
||||||
|
# The horizon::policy class should be included so that some common
|
||||||
|
# parameters about policy management can be picked here
|
||||||
|
if !defined(Class[horizon::policy]){
|
||||||
|
fail('The horizon::policy class should be include in advance to customize policies')
|
||||||
|
}
|
||||||
|
|
||||||
|
horizon::policy::base { $policy_file_real:
|
||||||
|
policies => $policies,
|
||||||
|
file_mode => $::horizon::policy::file_mode,
|
||||||
|
file_format => $::horizon::policy::file_format,
|
||||||
|
purge_config => $::horizon::policy::purge_config,
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,6 +36,11 @@ class horizon::deps {
|
||||||
-> Service<| title == 'httpd' |>
|
-> Service<| title == 'httpd' |>
|
||||||
~> anchor { 'horizon::service::end': }
|
~> anchor { 'horizon::service::end': }
|
||||||
|
|
||||||
|
# policy config should occur in the config block
|
||||||
|
Anchor['horizon::config::begin']
|
||||||
|
-> Openstacklib::Policy<||>
|
||||||
|
~> Anchor['horizon::config::end']
|
||||||
|
|
||||||
# Installation or config changes will always restart services.
|
# Installation or config changes will always restart services.
|
||||||
Anchor['horizon::install::end'] ~> Anchor['horizon::service::begin']
|
Anchor['horizon::install::end'] ~> Anchor['horizon::service::begin']
|
||||||
Anchor['horizon::config::end'] ~> Anchor['horizon::service::begin']
|
Anchor['horizon::config::end'] ~> Anchor['horizon::service::begin']
|
||||||
|
|
|
@ -706,6 +706,13 @@ and usage of a quoted value is deprecated.')
|
||||||
$neutron_options_real = merge($neutron_defaults,$neutron_options)
|
$neutron_options_real = merge($neutron_defaults,$neutron_options)
|
||||||
$instance_options_real = merge($instance_defaults,$instance_options)
|
$instance_options_real = merge($instance_defaults,$instance_options)
|
||||||
|
|
||||||
|
if $policy_files_path != undef {
|
||||||
|
validate_legacy(String, 'validate_string', $policy_files_path)
|
||||||
|
$policy_files_path_real = $policy_files_path
|
||||||
|
} else {
|
||||||
|
$policy_files_path_real = $::horizon::params::policy_dir
|
||||||
|
}
|
||||||
|
|
||||||
validate_legacy(Hash, 'validate_hash', $api_versions)
|
validate_legacy(Hash, 'validate_hash', $api_versions)
|
||||||
validate_legacy(Enum['on', 'off'], 'validate_re', $password_autocomplete, [['^on$', '^off$']])
|
validate_legacy(Enum['on', 'off'], 'validate_re', $password_autocomplete, [['^on$', '^off$']])
|
||||||
validate_legacy(Enum['legacy', 'angular'], 'validate_re', $images_panel, [['^legacy$', '^angular$']])
|
validate_legacy(Enum['legacy', 'angular'], 'validate_re', $images_panel, [['^legacy$', '^angular$']])
|
||||||
|
|
|
@ -14,6 +14,7 @@ class horizon::params {
|
||||||
$config_dir = '/etc/openstack-dashboard'
|
$config_dir = '/etc/openstack-dashboard'
|
||||||
$conf_d_dir = '/etc/openstack-dashboard/local_settings.d'
|
$conf_d_dir = '/etc/openstack-dashboard/local_settings.d'
|
||||||
$config_file = '/etc/openstack-dashboard/local_settings'
|
$config_file = '/etc/openstack-dashboard/local_settings'
|
||||||
|
$policy_dir = '/etc/openstack-dashboard'
|
||||||
$httpd_config_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
$httpd_config_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
||||||
$httpd_listen_config_file = '/etc/httpd/conf/httpd.conf'
|
$httpd_listen_config_file = '/etc/httpd/conf/httpd.conf'
|
||||||
$root_url = '/dashboard'
|
$root_url = '/dashboard'
|
||||||
|
@ -29,6 +30,7 @@ class horizon::params {
|
||||||
$config_dir = '/etc/openstack-dashboard'
|
$config_dir = '/etc/openstack-dashboard'
|
||||||
$conf_d_dir = '/etc/openstack-dashboard/local_settings.d'
|
$conf_d_dir = '/etc/openstack-dashboard/local_settings.d'
|
||||||
$config_file = '/etc/openstack-dashboard/local_settings.py'
|
$config_file = '/etc/openstack-dashboard/local_settings.py'
|
||||||
|
$policy_dir = undef
|
||||||
$httpd_listen_config_file = '/etc/apache2/ports.conf'
|
$httpd_listen_config_file = '/etc/apache2/ports.conf'
|
||||||
$root_url = '/horizon'
|
$root_url = '/horizon'
|
||||||
$static_path = '/var/lib'
|
$static_path = '/var/lib'
|
||||||
|
|
|
@ -0,0 +1,83 @@
|
||||||
|
# == Class horizon::policy
|
||||||
|
#
|
||||||
|
# Manage policy files for Horizon
|
||||||
|
#
|
||||||
|
# == Parameters
|
||||||
|
#
|
||||||
|
# [*file_mode*]
|
||||||
|
# (Optional) Permission mode for the policy file.
|
||||||
|
# Defaults to '0640'
|
||||||
|
#
|
||||||
|
# [*file_format*]
|
||||||
|
# (Optional) Format for file contents.
|
||||||
|
# Defaults to 'yaml'.
|
||||||
|
#
|
||||||
|
# [*purge_config*]
|
||||||
|
# (Optional) Whether to set only the specified policy rules in the policy
|
||||||
|
# file.
|
||||||
|
# Defaults to false.
|
||||||
|
#
|
||||||
|
# [*cinder_policies*]
|
||||||
|
# (Optional) Set of cinder policies to configure.
|
||||||
|
# Defaults to {}
|
||||||
|
#
|
||||||
|
# [*glance_policies*]
|
||||||
|
# (Optional) Set of glance policies to configure.
|
||||||
|
# Defaults to {}
|
||||||
|
#
|
||||||
|
# [*keystone_policies*]
|
||||||
|
# (Optional) Set of keystone policies to configure.
|
||||||
|
# Defaults to {}
|
||||||
|
#
|
||||||
|
# [*neutron_policies*]
|
||||||
|
# (Optional) Set of neutron policies to configure.
|
||||||
|
# Defaults to {}
|
||||||
|
#
|
||||||
|
# [*nova_policies*]
|
||||||
|
# (Optional) Set of nova policies to configure.
|
||||||
|
# Defaults to {}
|
||||||
|
#
|
||||||
|
class horizon::policy(
|
||||||
|
# common parameters
|
||||||
|
$file_mode = '0640',
|
||||||
|
$file_format = 'yaml',
|
||||||
|
$purge_config = false,
|
||||||
|
# service specific parameters
|
||||||
|
$cinder_policies = {},
|
||||||
|
$glance_policies = {},
|
||||||
|
$keystone_policies = {},
|
||||||
|
$neutron_policies = {},
|
||||||
|
$nova_policies = {},
|
||||||
|
) {
|
||||||
|
include horizon::deps
|
||||||
|
|
||||||
|
if !defined(Class[horizon]){
|
||||||
|
fail('The horizon class should be included in advance')
|
||||||
|
}
|
||||||
|
|
||||||
|
$policy_files = pick($::horizon::policy_files, {})
|
||||||
|
$policy_files_default = {
|
||||||
|
'identity' => 'keystone_policy.yaml',
|
||||||
|
'compute' => 'nova_policy.yaml',
|
||||||
|
'volume' => 'cinder_policy.yaml',
|
||||||
|
'image' => 'glance_policy.yaml',
|
||||||
|
'network' => 'neutron_policy.yaml',
|
||||||
|
}
|
||||||
|
$policy_files_real = merge($policy_files_default, $policy_files)
|
||||||
|
|
||||||
|
$policy_resources = {
|
||||||
|
$policy_files_real['volume'] => { 'policies' => $cinder_policies },
|
||||||
|
$policy_files_real['image'] => { 'policies' => $glance_policies },
|
||||||
|
$policy_files_real['identity'] => { 'policies' => $keystone_policies },
|
||||||
|
$policy_files_real['network'] => { 'policies' => $neutron_policies },
|
||||||
|
$policy_files_real['compute'] => { 'policies' => $nova_policies },
|
||||||
|
}
|
||||||
|
|
||||||
|
$policy_defaults = {
|
||||||
|
'file_mode' => $file_mode,
|
||||||
|
'file_format' => $file_format,
|
||||||
|
'purge_config' => $purge_config
|
||||||
|
}
|
||||||
|
|
||||||
|
create_resources('horizon::policy::base', $policy_resources, $policy_defaults)
|
||||||
|
}
|
|
@ -0,0 +1,59 @@
|
||||||
|
# == Define horizon::policy::base
|
||||||
|
#
|
||||||
|
# Manage a policy file for Horizon
|
||||||
|
#
|
||||||
|
# == Parameters
|
||||||
|
#
|
||||||
|
# [*policy_file*]
|
||||||
|
# (Optional) Name to the policy file.
|
||||||
|
# Defaults to $name
|
||||||
|
#
|
||||||
|
# [*policies*]
|
||||||
|
# (Optional) Set of policies to configure
|
||||||
|
#
|
||||||
|
# [*file_mode*]
|
||||||
|
# (Optional) Permission mode for the policy file
|
||||||
|
# Defaults to '0640'
|
||||||
|
#
|
||||||
|
# [*file_format*]
|
||||||
|
# (Optional) Format for file contents. Valid values
|
||||||
|
# Defaults to 'yaml'.
|
||||||
|
#
|
||||||
|
# [*purge_config*]
|
||||||
|
# (Optional) Whether to set only the specified policy rules in the policy
|
||||||
|
# file.
|
||||||
|
# Defaults to false.
|
||||||
|
#
|
||||||
|
define horizon::policy::base(
|
||||||
|
$policy_file = $name,
|
||||||
|
$policies = {},
|
||||||
|
$file_mode = '0640',
|
||||||
|
$file_format = 'yaml',
|
||||||
|
$purge_config = false,
|
||||||
|
) {
|
||||||
|
include horizon::deps
|
||||||
|
include horizon::params
|
||||||
|
|
||||||
|
validate_legacy(String, 'validate_string', $policy_file)
|
||||||
|
|
||||||
|
if !defined(Class[horizon]){
|
||||||
|
fail('The horizon class should be included in advance')
|
||||||
|
}
|
||||||
|
|
||||||
|
$policy_files_path = $::horizon::policy_files_path_real
|
||||||
|
if ! $policy_files_path {
|
||||||
|
# In Ubuntu/Debian, the default policies files are located in source
|
||||||
|
# directories, and the path should be updated to more appropriate path
|
||||||
|
# like /etc.
|
||||||
|
fail('Please set the horizon::policy_files_path parameter to customize policies')
|
||||||
|
}
|
||||||
|
|
||||||
|
openstacklib::policy { "${policy_files_path}/${policy_file}" :
|
||||||
|
policies => $policies,
|
||||||
|
file_user => $::horizon::params::wsgi_user,
|
||||||
|
file_group => $::horizon::params::wsgi_group,
|
||||||
|
file_mode => $file_mode,
|
||||||
|
file_format => $file_format,
|
||||||
|
purge_config => $purge_config
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The new ``horizon::policy`` class has been added. This class can be used
|
||||||
|
to manage policy rules for the following services.
|
||||||
|
|
||||||
|
- ``cinder``
|
||||||
|
- ``glance``
|
||||||
|
- ``keystone``
|
||||||
|
- ``neutron``
|
||||||
|
- ``nova``
|
||||||
|
|
||||||
|
- |
|
||||||
|
The new ``policies`` parameter has been added to the following classes,
|
||||||
|
to allow customizing policiy rules for additional services.
|
||||||
|
|
||||||
|
- ``horizon::dashboards::heat``
|
||||||
|
- ``horizon::dashboards::octavia``
|
||||||
|
- ``horizon::dashboards::manila``
|
|
@ -91,6 +91,52 @@ eos
|
||||||
context 'without the horizon class defined' do
|
context 'without the horizon class defined' do
|
||||||
it { should raise_error(Puppet::Error) }
|
it { should raise_error(Puppet::Error) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with policy customization' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard',
|
||||||
|
}
|
||||||
|
class { 'horizon::policy': }
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:policies => {}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures policy' do
|
||||||
|
is_expected.to contain_horizon__policy__base('heat_policy.yaml').with(
|
||||||
|
:policies => {},
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with policy customization but without the horizon::policy class' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard',
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:policies => {}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
|
|
@ -46,6 +46,52 @@ eos
|
||||||
context 'without the horizon class defined' do
|
context 'without the horizon class defined' do
|
||||||
it { should raise_error(Puppet::Error) }
|
it { should raise_error(Puppet::Error) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with policy customization' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard',
|
||||||
|
}
|
||||||
|
class { 'horizon::policy': }
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:policies => {}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures policy' do
|
||||||
|
is_expected.to contain_horizon__policy__base('manila_policy.yaml').with(
|
||||||
|
:policies => {},
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with policy customization but without the horizon::policy class' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard',
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:policies => {}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
|
|
@ -37,6 +37,52 @@ eos
|
||||||
context 'without the horizon class defined' do
|
context 'without the horizon class defined' do
|
||||||
it { should raise_error(Puppet::Error) }
|
it { should raise_error(Puppet::Error) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with policy customization' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard',
|
||||||
|
}
|
||||||
|
class { 'horizon::policy': }
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:policies => {}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures policy' do
|
||||||
|
is_expected.to contain_horizon__policy__base('octavia_policy.yaml').with(
|
||||||
|
:policies => {},
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with policy customization but without the horizon::policy class' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard',
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:policies => {}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
|
|
@ -0,0 +1,120 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'horizon::policy' do
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples_for 'horizon::policy' do
|
||||||
|
|
||||||
|
context 'with default parameters' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard'
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures defaults' do
|
||||||
|
is_expected.to contain_horizon__policy__base('cinder_policy.yaml').with(
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('glance_policy.yaml').with(
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('keystone_policy.yaml').with(
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('neutron_policy.yaml').with(
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('nova_policy.yaml').with(
|
||||||
|
:file_mode => '0640',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with parameters' do
|
||||||
|
let(:pre_condition) do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/opt/openstack-dashboard',
|
||||||
|
policy_files => {
|
||||||
|
'identity' => 'keystone.yaml',
|
||||||
|
'compute' => 'nova.yaml',
|
||||||
|
'volume' => 'cinder.yaml',
|
||||||
|
'image' => 'glance.yaml',
|
||||||
|
'network' => 'neutron.yaml'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:file_mode => '0644',
|
||||||
|
:purge_config => true,
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures defaults' do
|
||||||
|
is_expected.to contain_horizon__policy__base('cinder.yaml').with(
|
||||||
|
:file_mode => '0644',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => true,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('glance.yaml').with(
|
||||||
|
:file_mode => '0644',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => true,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('keystone.yaml').with(
|
||||||
|
:file_mode => '0644',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => true,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('neutron.yaml').with(
|
||||||
|
:file_mode => '0644',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => true,
|
||||||
|
)
|
||||||
|
is_expected.to contain_horizon__policy__base('nova.yaml').with(
|
||||||
|
:file_mode => '0644',
|
||||||
|
:file_format => 'yaml',
|
||||||
|
:purge_config => true,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'without the horizon class defined' do
|
||||||
|
it { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'horizon::policy'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
|
@ -0,0 +1,88 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'horizon::policy::base' do
|
||||||
|
let (:title) { 'keystone_policy.yaml' }
|
||||||
|
|
||||||
|
shared_examples 'horizon::policy::base' do
|
||||||
|
context 'with default' do
|
||||||
|
let :pre_condition do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/etc/openstack-dashboard'
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should configure defaults' do
|
||||||
|
is_expected.to contain_openstacklib__policy('/etc/openstack-dashboard/keystone_policy.yaml').with(
|
||||||
|
:policies => {},
|
||||||
|
:file_user => platform_params[:wsgi_user],
|
||||||
|
:file_group => platform_params[:wsgi_group],
|
||||||
|
:file_mode => '0640',
|
||||||
|
:purge_config => false,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with parameters' do
|
||||||
|
let :pre_condition do
|
||||||
|
<<-eos
|
||||||
|
class { 'horizon':
|
||||||
|
secret_key => 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0',
|
||||||
|
policy_files_path => '/opt/openstack-dashboard'
|
||||||
|
}
|
||||||
|
eos
|
||||||
|
end
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:file_mode => '0644',
|
||||||
|
:purge_config => true,
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should configure defaults' do
|
||||||
|
is_expected.to contain_openstacklib__policy('/opt/openstack-dashboard/keystone_policy.yaml').with(
|
||||||
|
:policies => {},
|
||||||
|
:file_user => platform_params[:wsgi_user],
|
||||||
|
:file_group => platform_params[:wsgi_group],
|
||||||
|
:file_mode => '0644',
|
||||||
|
:purge_config => true,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'without the horizon class defined' do
|
||||||
|
it { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
let (:platform_params) do
|
||||||
|
case facts[:osfamily]
|
||||||
|
when 'Debian'
|
||||||
|
{ :wsgi_user => 'horizon',
|
||||||
|
:wsgi_group => 'horizon' }
|
||||||
|
when 'RedHat'
|
||||||
|
{ :wsgi_user => 'apache',
|
||||||
|
:wsgi_group => 'apache' }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'horizon::policy::base'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
|
@ -672,10 +672,8 @@ DEFAULT_THEME = '<%= @default_theme %>'
|
||||||
|
|
||||||
# Path to directory containing policy.json files
|
# Path to directory containing policy.json files
|
||||||
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
|
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
|
||||||
<% if !(@policy_files_path.nil?) %>
|
<% if !(@policy_files_path_real.nil?) -%>
|
||||||
POLICY_FILES_PATH = '<%= @policy_files_path %>'
|
POLICY_FILES_PATH = '<%= @policy_files_path_real %>'
|
||||||
<% elsif @osfamily == 'RedHat' %>
|
|
||||||
POLICY_FILES_PATH = '/etc/openstack-dashboard'
|
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
||||||
# Map of local copy of service policy files.
|
# Map of local copy of service policy files.
|
||||||
|
|
Loading…
Reference in New Issue