From 67608ac838d98156fd2eca0a7a3a28710837b108 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Thu, 18 Mar 2021 20:52:35 +0900
Subject: [PATCH] Add support for oslo_policy/enforce_new_defaults

Change-Id: Iad9b2375cbaa66943fce4f26df863fa55d590f57
---
 manifests/policy.pp                           | 23 ++++++++++++-------
 ...enforce_new_defaults-f033a2b395abb924.yaml |  4 ++++
 spec/defines/oslo_policy_spec.rb              | 11 +++++----
 3 files changed, 26 insertions(+), 12 deletions(-)
 create mode 100644 releasenotes/notes/policy-enforce_new_defaults-f033a2b395abb924.yaml

diff --git a/manifests/policy.pp b/manifests/policy.pp
index de36381..83ba0f8 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -11,6 +11,11 @@
 #  (Optional) Whether or not to enforce scope when evaluating policies.
 #  Defaults to $::os_service_default.
 #
+# [*enforce_new_defaults*]
+#  (Optional) Whether or not to use old deprecated defaults when evaluating
+#  policies.
+#  Defaults to $::os_service_default.
+#
 # [*policy_file*]
 #  (Optional) The JSON file that defines policies. (string value)
 #  Defaults to $::os_service_default.
@@ -29,10 +34,11 @@
 #  Defaults to $::os_service_default.
 #
 define oslo::policy(
-  $enforce_scope       = $::os_service_default,
-  $policy_file         = $::os_service_default,
-  $policy_default_rule = $::os_service_default,
-  $policy_dirs         = $::os_service_default,
+  $enforce_scope        = $::os_service_default,
+  $enforce_new_defaults = $::os_service_default,
+  $policy_file          = $::os_service_default,
+  $policy_default_rule  = $::os_service_default,
+  $policy_dirs          = $::os_service_default,
 ) {
   if !is_service_default($policy_dirs) {
     $policy_dirs_orig = join(any2array($policy_dirs), ',')
@@ -41,10 +47,11 @@ define oslo::policy(
   }
 
   $policy_options = {
-    'oslo_policy/enforce_scope'       => { value => $enforce_scope },
-    'oslo_policy/policy_file'         => { value => $policy_file },
-    'oslo_policy/policy_default_rule' => { value => $policy_default_rule },
-    'oslo_policy/policy_dirs'         => { value => $policy_dirs_orig },
+    'oslo_policy/enforce_scope'        => { value => $enforce_scope },
+    'oslo_policy/enforce_new_defaults' => { value => $enforce_new_defaults },
+    'oslo_policy/policy_file'          => { value => $policy_file },
+    'oslo_policy/policy_default_rule'  => { value => $policy_default_rule },
+    'oslo_policy/policy_dirs'          => { value => $policy_dirs_orig },
   }
 
   create_resources($name, $policy_options)
diff --git a/releasenotes/notes/policy-enforce_new_defaults-f033a2b395abb924.yaml b/releasenotes/notes/policy-enforce_new_defaults-f033a2b395abb924.yaml
new file mode 100644
index 0000000..7c104d7
--- /dev/null
+++ b/releasenotes/notes/policy-enforce_new_defaults-f033a2b395abb924.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``oslo:::policy::enforce_new_defaults`` parameter has been added.
diff --git a/spec/defines/oslo_policy_spec.rb b/spec/defines/oslo_policy_spec.rb
index b3565d1..6b666f6 100644
--- a/spec/defines/oslo_policy_spec.rb
+++ b/spec/defines/oslo_policy_spec.rb
@@ -9,6 +9,7 @@ describe 'oslo::policy' do
     context 'with default parameters' do
       it 'configure oslo_policy default params' do
         is_expected.to contain_keystone_config('oslo_policy/enforce_scope').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('oslo_policy/enforce_new_defaults').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('oslo_policy/policy_file').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('oslo_policy/policy_default_rule').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('oslo_policy/policy_dirs').with_value('<SERVICE DEFAULT>')
@@ -18,15 +19,17 @@ describe 'oslo::policy' do
     context 'with overridden parameters' do
       let :params do
         {
-          :enforce_scope       => false,
-          :policy_file         => '/path/to/policy.file',
-          :policy_default_rule => 'some rule',
-          :policy_dirs         => ['dir1', '/dir/2'],
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_file          => '/path/to/policy.file',
+          :policy_default_rule  => 'some rule',
+          :policy_dirs          => ['dir1', '/dir/2'],
         }
       end
 
       it 'configures oslo_policy section' do
         is_expected.to contain_keystone_config('oslo_policy/enforce_scope').with_value(false)
+        is_expected.to contain_keystone_config('oslo_policy/enforce_new_defaults').with_value(false)
         is_expected.to contain_keystone_config('oslo_policy/policy_file').with_value('/path/to/policy.file')
         is_expected.to contain_keystone_config('oslo_policy/policy_default_rule').with_value('some rule')
         is_expected.to contain_keystone_config('oslo_policy/policy_dirs').with_value('dir1,/dir/2')