policy.json: Allow one to manage them from the puppet module

This commit allow a deployer to manage the policies via this module
It relies on augeas to change only the policy needed. The init takes
a hash of policies and apply them.

Change-Id: I8bd71a740294394009b2ad581121a9999956b5d0
This commit is contained in:
Yanis Guenane 2014-09-26 19:06:18 -04:00
parent 1c50fa5c9b
commit a8b26db75a
4 changed files with 74 additions and 0 deletions

View File

@ -90,8 +90,10 @@ class ironic::api (
) {
include ironic::params
include ironic::policy
Ironic_config<||> ~> Service['ironic-api']
Class['ironic::policy'] ~> Service['ironic-api']
# Configure ironic.conf
ironic_config {
@ -102,6 +104,7 @@ class ironic::api (
# Install package
if $::ironic::params::api_package {
Package['ironic-api'] -> Class['ironic::policy']
Package['ironic-api'] -> Service['ironic-api']
Package['ironic-api'] -> Ironic_config<||>
package { 'ironic-api':

29
manifests/policy.pp Normal file
View File

@ -0,0 +1,29 @@
# == Class: ironic::policy
#
# Configure the ironic policies
#
# === Parameters
#
# [*policies*]
# (optional) Set of policies to configure for ironic
# Example : { 'ironic-context_is_admin' => {'context_is_admin' => 'true'}, 'ironic-default' => {'default' => 'rule:admin_or_owner'} }
# Defaults to empty hash.
#
# [*policy_path*]
# (optional) Path to the ironic policy.json file
# Defaults to /etc/ironic/policy.json
#
class ironic::policy (
$policies = {},
$policy_path = '/etc/ironic/policy.json',
) {
validate_hash($policies)
Openstacklib::Policy::Base {
file_path => $policy_path,
}
create_resources('openstacklib::policy::base', $policies)
}

View File

@ -42,6 +42,7 @@ describe 'ironic::api' do
end
it { should contain_class('ironic::params') }
it { should contain_class('ironic::policy') }
it 'installs ironic api package' do
if platform_params.has_key?(:api_package)

View File

@ -0,0 +1,41 @@
require 'spec_helper'
describe 'ironic::policy' do
shared_examples_for 'ironic policies' do
let :params do
{
:policy_path => '/etc/ironic/policy.json',
:policies => {
'context_is_admin' => {
'key' => 'context_is_admin',
'value' => 'foo:bar'
}
}
}
end
it 'set up the policies' do
should contain_openstacklib__policy__base('context_is_admin').with({
:key => 'context_is_admin',
:value => 'foo:bar'
})
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
it_configures 'ironic policies'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'ironic policies'
end
end