Add ::keystone::policy class for policy management

Follows the same pattern used in other modules for policy management.

Change-Id: I438e1bcf9b0e893639d3e1b0cca0f4c5738cf15b

manifests/policy.pp

@@ -0,0 +1,39 @@
+# == Class: keystone::policy
+#
+# Configure the keystone policies
+#
+# === Parameters
+#
+# [*policies*]
+#   (optional) Set of policies to configure for keystone
+#   Example :
+#     {
+#       'keystone-context_is_admin' => {
+#         'key' => 'context_is_admin',
+#         'value' => 'true'
+#       },
+#       'keystone-default' => {
+#         'key' => 'default',
+#         'value' => 'rule:admin_or_owner'
+#       }
+#     }
+#   Defaults to empty hash.
+#
+# [*policy_path*]
+#   (optional) Path to the nova policy.json file
+#   Defaults to /etc/keystone/policy.json
+#
+class keystone::policy (
+  $policies    = {},
+  $policy_path = '/etc/keystone/policy.json',
+) {
+
+  validate_hash($policies)
+
+  Openstacklib::Policy::Base {
+    file_path => $policy_path,
+  }
+
+  create_resources('openstacklib::policy::base', $policies)
+
+}

spec/classes/keystone_policy_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe 'keystone::policy' do
+
+  shared_examples_for 'keystone policies' do
+    let :params do
+      {
+        :policy_path => '/etc/keystone/policy.json',
+        :policies    => {
+          'context_is_admin' => {
+            'key'   => 'context_is_admin',
+            'value' => 'foo:bar'
+          }
+        }
+      }
+    end
+
+    it 'set up the policies' do
+      should contain_openstacklib__policy__base('context_is_admin').with({
+        :key   => 'context_is_admin',
+        :value => 'foo:bar'
+      })
+    end
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+
+    it_configures 'keystone policies'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat' }
+    end
+
+    it_configures 'keystone policies'
+  end
+end