New class nova::metadata::novajoin::policy

This allows novajoin policy overrides to be written to /etc/novajoin/policy.json, just as nova::policy does for /etc/nova/policy.json. Change-Id: I8b2b60164314ce92b0df1a648f1356290576047a Blueprint: nova-less-deploy
2019-09-25 10:57:51 +12:00 · 2019-09-25 10:57:51 +12:00 · adc83318c9
commit adc83318c9
parent edcd126dab
4 changed files with 86 additions and 0 deletions
--- a/manifests/metadata/novajoin/api.pp
+++ b/manifests/metadata/novajoin/api.pp
@ -128,6 +128,7 @@ class nova::metadata::novajoin::api (
  $ipa_realm                 = undef,
 ) {
  include ::nova::metadata::novajoin::authtoken
+  include ::nova::metadata::novajoin::policy

  if ! $service_user {
    fail('service_user is missing')
--- a/manifests/metadata/novajoin/policy.pp
+++ b/manifests/metadata/novajoin/policy.pp
@ -0,0 +1,38 @@
+# == Class: nova::metadata::novajoin::policy
+#
+# Configure the nova policies
+#
+# === Parameters
+#
+# [*policies*]
+#   (Optional) Set of policies to configure for novajoin
+#   Example :
+#     {
+#       'novajoin-compute_service_user' => {
+#         'key' => 'compute_service_user',
+#         'value' => 'role:admin'
+#       }
+#     }
+#   Defaults to empty hash.
+#
+# [*policy_path*]
+#   (Optional) Path to the novajoin policy.json file
+#   Defaults to /etc/novajoin/policy.json
+#
+class nova::metadata::novajoin::policy (
+  $policies    = {},
+  $policy_path = '/etc/novajoin/policy.json',
+) {
+
+  validate_legacy(Hash, 'validate_hash', $policies)
+
+  $policy_defaults = {
+    file_path  => $policy_path,
+    file_user  => 'root',
+  }
+
+  create_resources('openstacklib::policy::base', $policies, $policy_defaults)
+
+  oslo::policy { 'novajoin_config': policy_file => $policy_path }
+
+}
--- a/releasenotes/notes/novajoin-policy-2c219cf32a322d4b.yaml
+++ b/releasenotes/notes/novajoin-policy-2c219cf32a322d4b.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    New class nova::metadata::novajoin::policy allows novajoin policy overrides
+    to be written to /etc/novajoin/policy.json.
--- a/spec/classes/nova_metadata_novajoin_policy_spec.rb
+++ b/spec/classes/nova_metadata_novajoin_policy_spec.rb
@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe 'nova::metadata::novajoin::policy' do
+
+  shared_examples_for 'novajoin policies' do
+    let :params do
+      {
+        :policy_path => '/etc/novajoin/policy.json',
+        :policies    => {
+          'context_is_admin' => {
+            'key'   => 'context_is_admin',
+            'value' => 'foo:bar'
+          }
+        }
+      }
+    end
+
+    it 'set up the policies' do
+      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+      })
+      is_expected.to contain_oslo__policy('novajoin_config').with(
+        :policy_file => '/etc/novajoin/policy.json',
+      )
+    end
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'novajoin policies'
+    end
+  end
+
+end