policy.json: Allow one to manage them from the puppet module
This commit allow a deployer to manage the policies via this module It relies on augeas to change only the policy needed. The init takes a hash of policies and apply them. Change-Id: I8bd71a740294394009b2ad581121a9999956b5d0
This commit is contained in:
parent
1c50fa5c9b
commit
e88e8a0f1b
@ -90,6 +90,7 @@ class ironic::api (
|
||||
) {
|
||||
|
||||
include ironic::params
|
||||
include ironic::policy
|
||||
|
||||
Ironic_config<||> ~> Service['ironic-api']
|
||||
|
||||
|
@ -114,6 +114,15 @@
|
||||
# (optional) Allow to perform insecure SSL (https) requests to glance.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*policies*]
|
||||
# (optional) Set of policies to configure for ironic
|
||||
# Example : { 'ironic-context_is_admin' => {'context_is_admin' => 'true'}, 'ironic-default' => {'default' => 'rule:admin_or_owner'} }
|
||||
# Defaults to empty hash.
|
||||
#
|
||||
# [*policy_path*]
|
||||
# (optional) Path to the ironic policy.json file
|
||||
# Defaults to /etc/ironic/policy.json
|
||||
#
|
||||
|
||||
class ironic (
|
||||
$enabled = true,
|
||||
@ -151,7 +160,9 @@ class ironic (
|
||||
$database_retry_interval = '10',
|
||||
$glance_api_servers = undef,
|
||||
$glance_num_retries = '0',
|
||||
$glance_api_insecure = false
|
||||
$glance_api_insecure = false,
|
||||
$policies = {},
|
||||
$policy_path = '/etc/ironic/policy.json',
|
||||
) {
|
||||
|
||||
include ironic::params
|
||||
@ -276,4 +287,11 @@ class ironic (
|
||||
}
|
||||
}
|
||||
|
||||
# Policies configuration
|
||||
Openstacklib::Policy::Base {
|
||||
file_path => $policy_path,
|
||||
}
|
||||
class { 'openstacklib::policy' :
|
||||
policies => $policies,
|
||||
}
|
||||
}
|
||||
|
29
manifests/policy.pp
Normal file
29
manifests/policy.pp
Normal file
@ -0,0 +1,29 @@
|
||||
# == Class: ironic::policy
|
||||
#
|
||||
# Configure the ironic policies
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*policies*]
|
||||
# (optional) Set of policies to configure for ironic
|
||||
# Example : { 'ironic-context_is_admin' => {'context_is_admin' => 'true'}, 'ironic-default' => {'default' => 'rule:admin_or_owner'} }
|
||||
# Defaults to empty hash.
|
||||
#
|
||||
# [*policy_path*]
|
||||
# (optional) Path to the ironic policy.json file
|
||||
# Defaults to /etc/ironic/policy.json
|
||||
#
|
||||
class ironic::policy (
|
||||
$policies = {},
|
||||
$policy_path = '/etc/ironic/policy.json',
|
||||
) {
|
||||
|
||||
Openstacklib::Policy::Base {
|
||||
file_path => $policy_path,
|
||||
}
|
||||
class { 'openstacklib::policy' :
|
||||
policies => $policies,
|
||||
before => Service['ironic-api'],
|
||||
}
|
||||
|
||||
}
|
40
spec/classes/ironic_policy_spec.rb
Normal file
40
spec/classes/ironic_policy_spec.rb
Normal file
@ -0,0 +1,40 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'ironic::policy' do
|
||||
|
||||
shared_examples_for 'ironic policies' do
|
||||
let :params do
|
||||
{
|
||||
:policy_path => '/etc/ironic/policy.json',
|
||||
:policies => {
|
||||
'context_is_admin' => {
|
||||
'key' => 'context_is_admin',
|
||||
'value' => 'foo:bar'
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it 'set up the policies' do
|
||||
should contain_class('openstacklib::policy').with({
|
||||
:policies => params[:policies]
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
context 'on Debian platforms' do
|
||||
let :facts do
|
||||
{ :osfamily => 'Debian' }
|
||||
end
|
||||
|
||||
it_configures 'ironic policies'
|
||||
end
|
||||
|
||||
context 'on RedHat platforms' do
|
||||
let :facts do
|
||||
{ :osfamily => 'RedHat' }
|
||||
end
|
||||
|
||||
it_configures 'ironic policies'
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue
Block a user