From 37935472f1505abe6ee31dcb27b5f364201a53e9 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Fri, 19 Sep 2014 16:52:52 -0400 Subject: [PATCH] policy.json: Allow puppet modules to manage policy.json Currently puppet modules does not allow one to manage policy.json. This commit aims to create a common resource for people to manage their policies. Change-Id: I1cd7765cdcbddb7e7ad5d720f1efa382641712f2 --- manifests/policy.pp | 19 +++++++++++++++ manifests/policy/base.pp | 31 ++++++++++++++++++++++++ spec/classes/openstacklib_policy_spec.rb | 25 +++++++++++++++++++ spec/defines/openstacklib_policy_spec.rb | 23 ++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 manifests/policy.pp create mode 100644 manifests/policy/base.pp create mode 100644 spec/classes/openstacklib_policy_spec.rb create mode 100644 spec/defines/openstacklib_policy_spec.rb diff --git a/manifests/policy.pp b/manifests/policy.pp new file mode 100644 index 00000000..b1114275 --- /dev/null +++ b/manifests/policy.pp @@ -0,0 +1,19 @@ +# == Class: openstacklib::policies +# +# This resource is an helper to call the policy definition +# +# == Parameters: +# +# [*policies*] +# Hash of policies one would like to set to specific values +# hash; optional +# +class openstacklib::policy ( + $policies = {}, +) { + + validate_hash($policies) + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/manifests/policy/base.pp b/manifests/policy/base.pp new file mode 100644 index 00000000..48925ddb --- /dev/null +++ b/manifests/policy/base.pp @@ -0,0 +1,31 @@ +# == Definition: openstacklib::policy::base +# +# This resource configures the policy.json file for an OpenStack service +# +# == Parameters: +# +# [*file_path*] +# Path to the policy.json file +# string; required +# +# [*key*] +# The key to replace the value for +# string; required; the key to replace the value for +# +# [*value*] +# The value to set +# string; optional; the value to set +# +define openstacklib::policy::base ( + $file_path, + $key, + $value = '', +) { + + augeas { "${file_path}-${key}-${value}" : + lens => 'Json.lns', + incl => $file_path, + changes => "set dict/entry[*][.=\"${key}\"]/string ${value}" + } + +} diff --git a/spec/classes/openstacklib_policy_spec.rb b/spec/classes/openstacklib_policy_spec.rb new file mode 100644 index 00000000..9d6927c5 --- /dev/null +++ b/spec/classes/openstacklib_policy_spec.rb @@ -0,0 +1,25 @@ +require 'spec_helper' + +describe 'openstacklib::policy' do + + let :params do + { + :policies => { + 'foo' => { + 'file_path' => '/etc/nova/policy.json', + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'configures the proper policy' do + should contain_openstacklib__policy__base('foo').with( + :file_path => '/etc/nova/policy.json', + :key => 'context_is_admin', + :value => 'foo:bar' + ) + end + +end diff --git a/spec/defines/openstacklib_policy_spec.rb b/spec/defines/openstacklib_policy_spec.rb new file mode 100644 index 00000000..8a042344 --- /dev/null +++ b/spec/defines/openstacklib_policy_spec.rb @@ -0,0 +1,23 @@ +require 'spec_helper' + +describe 'openstacklib::policy::base' do + + let :title do + 'nova-contest_is_admin' + end + + let :params do + {:file_path => '/etc/nova/policy.json', + :key => 'context_is_admin', + :value => 'foo:bar'} + end + + it 'configures the proper policy' do + should contain_augeas('/etc/nova/policy.json-context_is_admin-foo:bar').with( + 'lens' => 'Json.lns', + 'incl' => '/etc/nova/policy.json', + 'changes' => 'set dict/entry[*][.="context_is_admin"]/string foo:bar' + ) + end + +end