Add group to policy management

The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed Change-Id: Idff05735bd2e2155253cd96eafc5e1e7c28b03b5 Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-10 14:09:22 -08:00 · 2018-01-10 14:09:22 -08:00 · c547a02bdd
commit c547a02bdd
parent 2058c38a45
3 changed files with 21 additions and 6 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -29,6 +29,7 @@ class ironic::params {
  $client_package           = 'python-ironicclient'
  $inspector_client_package = 'python-ironic-inspector-client'
  $lib_package_name         = 'python-ironic-lib'
+  $group                    = 'ironic'

  case $::osfamily {
    'RedHat': {
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -6,7 +6,17 @@
 #
 # [*policies*]
 #   (optional) Set of policies to configure for ironic
-#   Example : { 'ironic-context_is_admin' => {'context_is_admin' => 'true'}, 'ironic-default' => {'default' => 'rule:admin_or_owner'} }
+#   Example :
+#     {
+#       'ironic-context_is_admin' => {
+#         'key' => 'context_is_admin',
+#         'value' => 'true'
+#       },
+#       'ironic-default' => {
+#         'key' => 'default',
+#         'value' => 'rule:admin_or_owner'
+#       }
+#     }
 #   Defaults to empty hash.
 #
 # [*policy_path*]
@ -19,11 +29,14 @@ class ironic::policy (
 ) {

  include ::ironic::deps
+  include ::ironic::params

  validate_hash($policies)

  Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::ironic::params::group,
  }

  create_resources('openstacklib::policy::base', $policies)
--- a/spec/classes/ironic_policy_spec.rb
+++ b/spec/classes/ironic_policy_spec.rb
@ -17,8 +17,10 @@ describe 'ironic::policy' do

    it 'set up the policies' do
      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'ironic',
      })
      is_expected.to contain_oslo__policy('ironic_config').with(
        :policy_file => '/etc/ironic/policy.json',
@ -34,8 +36,7 @@ describe 'ironic::policy' do
        facts.merge!(OSDefaults.get_facts())
      end

-      it_behaves_like 'ironic policies'
+      it_configures 'ironic policies'
    end
  end
-
 end