Add group to policy management
The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed Change-Id: Idff05735bd2e2155253cd96eafc5e1e7c28b03b5 Co-Authored-By: Alex Schultz <aschultz@redhat.com>
This commit is contained in:
parent
2058c38a45
commit
c547a02bdd
|
@ -29,6 +29,7 @@ class ironic::params {
|
|||
$client_package = 'python-ironicclient'
|
||||
$inspector_client_package = 'python-ironic-inspector-client'
|
||||
$lib_package_name = 'python-ironic-lib'
|
||||
$group = 'ironic'
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
|
|
|
@ -6,7 +6,17 @@
|
|||
#
|
||||
# [*policies*]
|
||||
# (optional) Set of policies to configure for ironic
|
||||
# Example : { 'ironic-context_is_admin' => {'context_is_admin' => 'true'}, 'ironic-default' => {'default' => 'rule:admin_or_owner'} }
|
||||
# Example :
|
||||
# {
|
||||
# 'ironic-context_is_admin' => {
|
||||
# 'key' => 'context_is_admin',
|
||||
# 'value' => 'true'
|
||||
# },
|
||||
# 'ironic-default' => {
|
||||
# 'key' => 'default',
|
||||
# 'value' => 'rule:admin_or_owner'
|
||||
# }
|
||||
# }
|
||||
# Defaults to empty hash.
|
||||
#
|
||||
# [*policy_path*]
|
||||
|
@ -19,11 +29,14 @@ class ironic::policy (
|
|||
) {
|
||||
|
||||
include ::ironic::deps
|
||||
include ::ironic::params
|
||||
|
||||
validate_hash($policies)
|
||||
|
||||
Openstacklib::Policy::Base {
|
||||
file_path => $policy_path,
|
||||
file_path => $policy_path,
|
||||
file_user => 'root',
|
||||
file_group => $::ironic::params::group,
|
||||
}
|
||||
|
||||
create_resources('openstacklib::policy::base', $policies)
|
||||
|
|
|
@ -17,8 +17,10 @@ describe 'ironic::policy' do
|
|||
|
||||
it 'set up the policies' do
|
||||
is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
|
||||
:key => 'context_is_admin',
|
||||
:value => 'foo:bar'
|
||||
:key => 'context_is_admin',
|
||||
:value => 'foo:bar',
|
||||
:file_user => 'root',
|
||||
:file_group => 'ironic',
|
||||
})
|
||||
is_expected.to contain_oslo__policy('ironic_config').with(
|
||||
:policy_file => '/etc/ironic/policy.json',
|
||||
|
@ -34,8 +36,7 @@ describe 'ironic::policy' do
|
|||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_behaves_like 'ironic policies'
|
||||
it_configures 'ironic policies'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue