bab31c0ba2
The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed Change-Id: I063979fc2944667f200c8bd774b5252241faf5f6 Co-Authored-By: Alex Schultz <aschultz@redhat.com>
47 lines
1003 B
Puppet
47 lines
1003 B
Puppet
# == Class: octavia::policy
|
|
#
|
|
# Configure the octavia policies
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*policies*]
|
|
# (optional) Set of policies to configure for octavia
|
|
# Example :
|
|
# {
|
|
# 'octavia-context_is_admin' => {
|
|
# 'key' => 'context_is_admin',
|
|
# 'value' => 'true'
|
|
# },
|
|
# 'octavia-default' => {
|
|
# 'key' => 'default',
|
|
# 'value' => 'rule:admin_or_owner'
|
|
# }
|
|
# }
|
|
# Defaults to empty hash.
|
|
#
|
|
# [*policy_path*]
|
|
# (optional) Path to the nova policy.json file
|
|
# Defaults to /etc/octavia/policy.json
|
|
#
|
|
class octavia::policy (
|
|
$policies = {},
|
|
$policy_path = '/etc/octavia/policy.json',
|
|
) {
|
|
|
|
include ::octavia::deps
|
|
include ::octavia::params
|
|
|
|
validate_hash($policies)
|
|
|
|
Openstacklib::Policy::Base {
|
|
file_path => $policy_path,
|
|
file_user => 'root',
|
|
file_group => $::octavia::params::group,
|
|
}
|
|
|
|
create_resources('openstacklib::policy::base', $policies)
|
|
|
|
oslo::policy { 'octavia_config': policy_file => $policy_path }
|
|
|
|
}
|