dabc9d9d1f
The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed Change-Id: Ic5f73993ea4d71fc186272c624a906fcae2dcfa8 Co-Authored-By: Alex Schultz <aschultz@redhat.com>
47 lines
991 B
Puppet
47 lines
991 B
Puppet
# == Class: magnum::policy
|
|
#
|
|
# Configure the magnum policies
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*policies*]
|
|
# (optional) Set of policies to configure for magnum
|
|
# Example :
|
|
# {
|
|
# 'magnum-context_is_admin' => {
|
|
# 'key' => 'context_is_admin',
|
|
# 'value' => 'true'
|
|
# },
|
|
# 'magnum-default' => {
|
|
# 'key' => 'default',
|
|
# 'value' => 'rule:admin_or_owner'
|
|
# }
|
|
# }
|
|
# Defaults to empty hash.
|
|
#
|
|
# [*policy_path*]
|
|
# (optional) Path to the nova policy.json file
|
|
# Defaults to /etc/magnum/policy.json
|
|
#
|
|
class magnum::policy (
|
|
$policies = {},
|
|
$policy_path = '/etc/magnum/policy.json',
|
|
) {
|
|
|
|
include ::magnum::deps
|
|
include ::magnum::params
|
|
|
|
validate_hash($policies)
|
|
|
|
Openstacklib::Policy::Base {
|
|
file_path => $policy_path,
|
|
file_user => 'root',
|
|
file_group => $::magnum::params::group,
|
|
}
|
|
|
|
create_resources('openstacklib::policy::base', $policies)
|
|
|
|
oslo::policy { 'magnum_config': policy_file => $policy_path }
|
|
|
|
}
|