diff --git a/manifests/policy.pp b/manifests/policy.pp new file mode 100644 index 000000000..13be064b0 --- /dev/null +++ b/manifests/policy.pp @@ -0,0 +1,39 @@ +# == Class: keystone::policy +# +# Configure the keystone policies +# +# === Parameters +# +# [*policies*] +# (optional) Set of policies to configure for keystone +# Example : +# { +# 'keystone-context_is_admin' => { +# 'key' => 'context_is_admin', +# 'value' => 'true' +# }, +# 'keystone-default' => { +# 'key' => 'default', +# 'value' => 'rule:admin_or_owner' +# } +# } +# Defaults to empty hash. +# +# [*policy_path*] +# (optional) Path to the nova policy.json file +# Defaults to /etc/keystone/policy.json +# +class keystone::policy ( + $policies = {}, + $policy_path = '/etc/keystone/policy.json', +) { + + validate_hash($policies) + + Openstacklib::Policy::Base { + file_path => $policy_path, + } + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/spec/classes/keystone_policy_spec.rb b/spec/classes/keystone_policy_spec.rb new file mode 100644 index 000000000..81f69da5f --- /dev/null +++ b/spec/classes/keystone_policy_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'keystone::policy' do + + shared_examples_for 'keystone policies' do + let :params do + { + :policy_path => '/etc/keystone/policy.json', + :policies => { + 'context_is_admin' => { + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'set up the policies' do + should contain_openstacklib__policy__base('context_is_admin').with({ + :key => 'context_is_admin', + :value => 'foo:bar' + }) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'keystone policies' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'keystone policies' + end +end