From 58af07ac06147b3a9dc7d752937eb6dd2e87aa13 Mon Sep 17 00:00:00 2001
From: Martin Schuppert <mschuppert@redhat.com>
Date: Mon, 26 Jul 2021 11:47:33 +0200
Subject: [PATCH] Delete policy file if policies hash is empty

If all policies get deleted, previously created policy files won't
get removed and the api policy file is still is used. Lets remove
the policy file if the policies hash is empty.

Change-Id: Ic9b5ccd8fc23f6cebc06f62d972b64efd2400396
---
 manifests/policy.pp | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/manifests/policy.pp b/manifests/policy.pp
index f5b4cad3e..91e7e765e 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -49,14 +49,21 @@ class nova::policy (
 
   validate_legacy(Hash, 'validate_hash', $policies)
 
-  Openstacklib::Policy::Base {
-    file_path   => $policy_path,
-    file_user   => 'root',
-    file_group  => $::nova::params::group,
-    file_format => 'yaml',
-  }
+  if empty($policies){
+    file {$policy_path:
+      path => $policy_path,
+      ensure => absent,
+    }
+  } else {
+    Openstacklib::Policy::Base {
+      file_path   => $policy_path,
+      file_user   => 'root',
+      file_group  => $::nova::params::group,
+      file_format => 'yaml',
+    }
 
-  create_resources('openstacklib::policy::base', $policies)
+    create_resources('openstacklib::policy::base', $policies)
+  }
 
   oslo::policy { 'nova_config':
     enforce_scope        => $enforce_scope,