From 78c6e4cb5bb80490b2733e5932230cb8852e9d29 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Mon, 31 Jan 2022 10:29:50 +0900
Subject: [PATCH] Disallow duplicate policy rules with the same key

json never accepts defining multiple records with the same key. This change modifies the resource name to detect duplicate items defined with the same key, instead of silently ignore some of them.

Change-Id: I8b18015f4789f97cf07706ad6b3c99ce1eaedaf9
---
 manifests/policy/base.pp | 8 ++++----
 spec/defines/openstacklib_policy_base_spec.rb | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/manifests/policy/base.pp b/manifests/policy/base.pp
index 92baebc4..81b247ce 100644
--- a/manifests/policy/base.pp
+++ b/manifests/policy/base.pp
@@ -61,7 +61,7 @@ define openstacklib::policy::base (
 warning('Json format is deprecated and will be removed in a future release')
 # Add entry if it doesn't exists
- augeas { "${file_path}-${key}-${value}-add":
+ augeas { "${file_path}-${key}-add":
 lens => 'Json.lns',
 incl => $file_path,
 changes => [
@@ -72,15 +72,15 @@ define openstacklib::policy::base (
 }
 # Requires that the entry is added before this call or it will fail.
- augeas { "${file_path}-${key}-${value}" :
+ augeas { "${file_path}-${key}" :
 lens => 'Json.lns',
 incl => $file_path,
 changes => "set dict/entry[*][.=\"${key}\"]/string \"${value}\"",
 }
 Openstacklib::Policy::Default<| title == $file_path |>
- -> Augeas<| title == "${file_path}-${key}-${value}-add" |>
- ~> Augeas<| title == "${file_path}-${key}-${value}" |>
+ -> Augeas<| title == "${file_path}-${key}-add" |>
+ ~> Augeas<| title == "${file_path}-${key}" |>
 }
 'yaml': {
 # NOTE(tkajianm): Currently we use single quotes('') to quote the whole
diff --git a/spec/defines/openstacklib_policy_base_spec.rb b/spec/defines/openstacklib_policy_base_spec.rb
index 5b0f7235..c15d07ae 100644
--- a/spec/defines/openstacklib_policy_base_spec.rb
+++ b/spec/defines/openstacklib_policy_base_spec.rb
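Review bot: The two `augeas` titles in the json branch are now what enforces one rule per key, but the manifest carries no comment saying so, and the existing comment above the first resource only describes the add step. A line such as `# Title is file_path + key only, so a second declaration of the same key fails compilation as a duplicate resource.` above the `-add` resource (and the matching one in the next hunk) would keep a later edit from putting `${value}` back and reviving the silently ignored duplicates the commit message describes. Catalogs that declared one key twice will now stop compiling, and the diffstat lists no release note for that change. The body of the define starts and ends outside this hunk.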
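Review bot: The `changes` string of the second resource still places `${key}` and `${value}` between escaped double quotes without any check, so a rule name or rule expression containing `"` would end the quoted argument early and hand Augeas a malformed or different command for the policy file. With the title now keyed on the rule name alone, a guard ahead of both resources would make such input fail loudly, for example `if $key =~ /"/ or $value =~ /"/ { fail('policy key and value must not contain double quotes') }`. Whether the parameters are already constrained by a data type is not visible, because the parameter list is outside the hunk; values that rely on pre-escaped quotes would need escaping rather than rejection.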
@@ -27,13 +27,13 @@ describe 'openstacklib::policy::base' do
 :purge_config => false,
 )}
- it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner-foo:bar').with(
+ it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner').with(
 :lens => 'Json.lns',
 :incl => '/etc/nova/policy.json',
 :changes => 'set dict/entry[*][.="context_is_admin or owner"]/string "foo:bar"',
 )}
- it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner-foo:bar-add').with(
+ it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner-add').with(
 :lens => 'Json.lns',
 :incl => '/etc/nova/policy.json',
 :changes => [
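Review bot: The spec still has no example in which a duplicate key is actually rejected; both edited expectations only follow the title rename, so the behaviour named in the commit subject is untested. A context that declares a second `openstacklib::policy::base` for the same file and key with a different value through `pre_condition`, and then asserts `it { should compile.and_raise_error(/Duplicate declaration/) }`, would pin it. How the key reaches the define is not visible in this hunk, so the exact form of that second declaration depends on the parameter list. The `describe` block starts and ends outside the hunk.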