Add support for oslo_policy/enforce_new_defaults

Change-Id: Iad9b2375cbaa66943fce4f26df863fa55d590f57
This commit is contained in:
Takashi Kajinami 2021-03-18 20:52:35 +09:00
parent 0faa00bd96
commit 67608ac838
3 changed files with 26 additions and 12 deletions

View File

@ -11,6 +11,11 @@
# (Optional) Whether or not to enforce scope when evaluating policies.
# Defaults to $::os_service_default.
#
# [*enforce_new_defaults*]
# (Optional) Whether or not to use old deprecated defaults when evaluating
# policies.
# Defaults to $::os_service_default.
#
# [*policy_file*]
# (Optional) The JSON file that defines policies. (string value)
# Defaults to $::os_service_default.
@ -29,10 +34,11 @@
# Defaults to $::os_service_default.
#
define oslo::policy(
$enforce_scope = $::os_service_default,
$policy_file = $::os_service_default,
$policy_default_rule = $::os_service_default,
$policy_dirs = $::os_service_default,
$enforce_scope = $::os_service_default,
$enforce_new_defaults = $::os_service_default,
$policy_file = $::os_service_default,
$policy_default_rule = $::os_service_default,
$policy_dirs = $::os_service_default,
) {
if !is_service_default($policy_dirs) {
$policy_dirs_orig = join(any2array($policy_dirs), ',')
@ -41,10 +47,11 @@ define oslo::policy(
}
$policy_options = {
'oslo_policy/enforce_scope' => { value => $enforce_scope },
'oslo_policy/policy_file' => { value => $policy_file },
'oslo_policy/policy_default_rule' => { value => $policy_default_rule },
'oslo_policy/policy_dirs' => { value => $policy_dirs_orig },
'oslo_policy/enforce_scope' => { value => $enforce_scope },
'oslo_policy/enforce_new_defaults' => { value => $enforce_new_defaults },
'oslo_policy/policy_file' => { value => $policy_file },
'oslo_policy/policy_default_rule' => { value => $policy_default_rule },
'oslo_policy/policy_dirs' => { value => $policy_dirs_orig },
}
create_resources($name, $policy_options)

View File

@ -0,0 +1,4 @@
---
features:
- |
The new ``oslo:::policy::enforce_new_defaults`` parameter has been added.

View File

@ -9,6 +9,7 @@ describe 'oslo::policy' do
context 'with default parameters' do
it 'configure oslo_policy default params' do
is_expected.to contain_keystone_config('oslo_policy/enforce_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_policy/enforce_new_defaults').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_policy/policy_file').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_policy/policy_default_rule').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('oslo_policy/policy_dirs').with_value('<SERVICE DEFAULT>')
@ -18,15 +19,17 @@ describe 'oslo::policy' do
context 'with overridden parameters' do
let :params do
{
:enforce_scope => false,
:policy_file => '/path/to/policy.file',
:policy_default_rule => 'some rule',
:policy_dirs => ['dir1', '/dir/2'],
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_file => '/path/to/policy.file',
:policy_default_rule => 'some rule',
:policy_dirs => ['dir1', '/dir/2'],
}
end
it 'configures oslo_policy section' do
is_expected.to contain_keystone_config('oslo_policy/enforce_scope').with_value(false)
is_expected.to contain_keystone_config('oslo_policy/enforce_new_defaults').with_value(false)
is_expected.to contain_keystone_config('oslo_policy/policy_file').with_value('/path/to/policy.file')
is_expected.to contain_keystone_config('oslo_policy/policy_default_rule').with_value('some rule')
is_expected.to contain_keystone_config('oslo_policy/policy_dirs').with_value('dir1,/dir/2')