From db6ef26eb04c559d7452b8d5d81ab9530776b929 Mon Sep 17 00:00:00 2001
From: Scott Pham <scpham@cisco.com>
Date: Wed, 3 Dec 2014 19:16:57 -0500
Subject: [PATCH] Adding augeas insertion check. Augeas change call will fail
 if key does not exists in policy.json. This fix will add the key/value if it
 doesn't exists or will change the value to match. Added unit test. Change-Id:
 Ibd97228c431fa6b23e8a15ce548f82f649131cc2

---
 manifests/policy/base.pp                 | 16 +++++++++++++++-
 spec/defines/openstacklib_policy_spec.rb | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/manifests/policy/base.pp b/manifests/policy/base.pp
index 48925ddb..01919fe6 100644
--- a/manifests/policy/base.pp
+++ b/manifests/policy/base.pp
@@ -22,10 +22,24 @@ define openstacklib::policy::base (
   $value = '',
 ) {
 
+  # Add entry if it doesn't exists
+  augeas { "${file_path}-${key}-${value}-add":
+    lens    => 'Json.lns',
+    incl    => $file_path,
+    changes => [
+      "set dict/entry[last()+1] \"${key}\"",
+      "set dict/entry[last()]/string \"${value}\""
+    ],
+    onlyif  => "match dict/entry[*][.=\"${key}\"] size == 0"
+  }
+
+  # Requires that the entry is added before this call or it will fail.
   augeas { "${file_path}-${key}-${value}" :
     lens    => 'Json.lns',
     incl    => $file_path,
-    changes => "set dict/entry[*][.=\"${key}\"]/string ${value}"
+    changes => "set dict/entry[*][.=\"${key}\"]/string ${value}",
+    require => Augeas["${file_path}-${key}-${value}-add"]
   }
 
 }
+
diff --git a/spec/defines/openstacklib_policy_spec.rb b/spec/defines/openstacklib_policy_spec.rb
index 8a042344..89be58c7 100644
--- a/spec/defines/openstacklib_policy_spec.rb
+++ b/spec/defines/openstacklib_policy_spec.rb
@@ -16,8 +16,22 @@ describe 'openstacklib::policy::base' do
     should contain_augeas('/etc/nova/policy.json-context_is_admin-foo:bar').with(
       'lens'    => 'Json.lns',
       'incl'    => '/etc/nova/policy.json',
-      'changes' => 'set dict/entry[*][.="context_is_admin"]/string foo:bar'
+      'changes' => 'set dict/entry[*][.="context_is_admin"]/string foo:bar',
+      'require' => 'Augeas[/etc/nova/policy.json-context_is_admin-foo:bar-add]'
+    )
+  end
+
+  it 'configures the proper policy' do
+    should contain_augeas('/etc/nova/policy.json-context_is_admin-foo:bar-add').with(
+      'lens'    => 'Json.lns',
+      'incl'    => '/etc/nova/policy.json',
+      'changes' => [
+          'set dict/entry[last()+1] "context_is_admin"',
+          'set dict/entry[last()]/string "foo:bar"'
+      ],
+      'onlyif' => 'match dict/entry[*][.="context_is_admin"] size == 0'
     )
   end
 
 end
+