Disallow duplicate policy rules with the same key

json never accepts defining multiple records with the same key. This change modifies the resource name to detect duplicate items defined with the same key, instead of silently ignore some of them. Change-Id: I8b18015f4789f97cf07706ad6b3c99ce1eaedaf9
2022-01-31 10:29:50 +09:00 · 2022-01-31 10:29:50 +09:00 · 78c6e4cb5b
commit 78c6e4cb5b
parent 380d7fc986
2 changed files with 6 additions and 6 deletions
--- a/manifests/policy/base.pp
+++ b/manifests/policy/base.pp
@ -61,7 +61,7 @@ define openstacklib::policy::base (
      warning('Json format is deprecated and will be removed in a future release')

      # Add entry if it doesn't exists
-      augeas { "${file_path}-${key}-${value}-add":
+      augeas { "${file_path}-${key}-add":
        lens    => 'Json.lns',
        incl    => $file_path,
        changes => [
@ -72,15 +72,15 @@ define openstacklib::policy::base (
      }

      # Requires that the entry is added before this call or it will fail.
-      augeas { "${file_path}-${key}-${value}" :
+      augeas { "${file_path}-${key}" :
        lens    => 'Json.lns',
        incl    => $file_path,
        changes => "set dict/entry[*][.=\"${key}\"]/string \"${value}\"",
      }

      Openstacklib::Policy::Default<| title == $file_path |>
-      -> Augeas<| title == "${file_path}-${key}-${value}-add" |>
-        ~> Augeas<| title == "${file_path}-${key}-${value}" |>
+      -> Augeas<| title == "${file_path}-${key}-add" |>
+        ~> Augeas<| title == "${file_path}-${key}" |>
    }
    'yaml': {
      # NOTE(tkajianm): Currently we use single quotes('') to quote the whole
--- a/spec/defines/openstacklib_policy_base_spec.rb
+++ b/spec/defines/openstacklib_policy_base_spec.rb
@ -27,13 +27,13 @@ describe 'openstacklib::policy::base' do
        :purge_config => false,
      )}

-      it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner-foo:bar').with(
+      it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner').with(
        :lens    => 'Json.lns',
        :incl    => '/etc/nova/policy.json',
        :changes => 'set dict/entry[*][.="context_is_admin or owner"]/string "foo:bar"',
      )}

-      it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner-foo:bar-add').with(
+      it { should contain_augeas('/etc/nova/policy.json-context_is_admin or owner-add').with(
        :lens    => 'Json.lns',
        :incl    => '/etc/nova/policy.json',
        :changes => [