diff --git a/manifests/policy.pp b/manifests/policy.pp index df66e95a5..fb0e0af0b 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp @@ -32,11 +32,16 @@ # (Optional) Path to the keystone policy.yaml file # Defaults to /etc/keystone/policy.yaml # +# [*policy_dirs*] +# (Optional) Path to the keystone policy folder +# Defaults to $::os_service_default +# class keystone::policy ( $enforce_scope = $::os_service_default, $enforce_new_defaults = $::os_service_default, $policies = {}, $policy_path = '/etc/keystone/policy.yaml', + $policy_dirs = $::os_service_default, ) { include keystone::deps @@ -56,7 +61,8 @@ class keystone::policy ( oslo::policy { 'keystone_config': enforce_scope => $enforce_scope, enforce_new_defaults => $enforce_new_defaults, - policy_file => $policy_path + policy_file => $policy_path, + policy_dirs => $policy_dirs, } } diff --git a/releasenotes/notes/policy-dirs-3cc292a2be2bd104.yaml b/releasenotes/notes/policy-dirs-3cc292a2be2bd104.yaml new file mode 100644 index 000000000..d2263e0ef --- /dev/null +++ b/releasenotes/notes/policy-dirs-3cc292a2be2bd104.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + There is now a new policy_dirs parameter in the keystone::policy class, + so one can set a custom path. diff --git a/spec/classes/keystone_policy_spec.rb b/spec/classes/keystone_policy_spec.rb index 08d2a3a9c..ec3ea0f41 100644 --- a/spec/classes/keystone_policy_spec.rb +++ b/spec/classes/keystone_policy_spec.rb @@ -7,6 +7,7 @@ describe 'keystone::policy' do :enforce_scope => false, :enforce_new_defaults => false, :policy_path => '/etc/keystone/policy.yaml', + :policy_dirs => '/etc/keystone/policy.d', :policies => { 'context_is_admin' => { 'key' => 'context_is_admin', @@ -28,6 +29,7 @@ describe 'keystone::policy' do :enforce_scope => false, :enforce_new_defaults => false, :policy_file => '/etc/keystone/policy.yaml', + :policy_dirs => '/etc/keystone/policy.d', ) end end