Expose policy_default_rule

The option has been managed by the underlying puppet-oslo module but has not been configurable. This introduces the parameter to customize the option. Change-Id: Ia91f1558f6f5b77f3fcd77149dc61cafd621308e
2023-01-23 14:25:55 +09:00 · 2023-01-23 14:25:55 +09:00 · caa8c1a5f6
commit caa8c1a5f6
parent b5b45aad37
3 changed files with 12 additions and 0 deletions
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -32,6 +32,10 @@
 #   (Optional) Path to the keystone policy.yaml file
 #   Defaults to /etc/keystone/policy.yaml
 #
+# [*policy_default_rule*]
+#   (Optional) Default rule. Enforced when a requested rule is not found.
+#   Defaults to $::os_service_default.
+#
 # [*policy_dirs*]
 #   (Optional) Path to the keystone policy folder
 #   Defaults to $::os_service_default
@ -46,6 +50,7 @@ class keystone::policy (
  $enforce_new_defaults = $::os_service_default,
  $policies             = {},
  $policy_path          = '/etc/keystone/policy.yaml',
+  $policy_default_rule  = $::os_service_default,
  $policy_dirs          = $::os_service_default,
  $purge_config         = false,
 ) {
@ -70,6 +75,7 @@ class keystone::policy (
    enforce_scope        => $enforce_scope,
    enforce_new_defaults => $enforce_new_defaults,
    policy_file          => $policy_path,
+    policy_default_rule  => $policy_default_rule,
    policy_dirs          => $policy_dirs,
  }

--- a/releasenotes/notes/policy_default_rule-4600db5f90a7303c.yaml
+++ b/releasenotes/notes/policy_default_rule-4600db5f90a7303c.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``keystone::policy::policy_default_rule`` parameter has been added.
--- a/spec/classes/keystone_policy_spec.rb
+++ b/spec/classes/keystone_policy_spec.rb
@ -9,6 +9,7 @@ describe 'keystone::policy' do
          :enforce_scope        => false,
          :enforce_new_defaults => false,
          :policy_path          => '/etc/keystone/policy.yaml',
+          :policy_default_rule  => 'default',
          :policy_dirs          => '/etc/keystone/policy.d',
          :policies             => {
            'context_is_admin' => {
@ -37,6 +38,7 @@ describe 'keystone::policy' do
          :enforce_scope        => false,
          :enforce_new_defaults => false,
          :policy_file          => '/etc/keystone/policy.yaml',
+          :policy_default_rule  => 'default',
          :policy_dirs          => '/etc/keystone/policy.d',
        )
      end