privsep: Allow customizing section name

Some components uses sections not following the current name template (privsep_${section}) to register oslo.privsep parameters. For example nova registers the parameters to the nova_sys_admin section. This change allows overriding the section name to deal with such cases. Change-Id: Icaf88ebaaf72d6810d9ded119a9998538eb09869
2022-02-05 19:47:15 +09:00
parent 34e1446f44
commit 9038a5badd
3 changed files with 30 additions and 4 deletions
--- a/manifests/privsep.pp
+++ b/manifests/privsep.pp
@@ -14,6 +14,10 @@
 # [*config*]
 #  (Required) Configuration file to manage. (string value)
 #
+# [*config_group*]
+#  (Optional) Name of the section in which the parameters are set. (string value)
+#  Defaults to "privsep_${entrypoint}"
+#
 # [*user*]
 #  (Optional) User that the privsep daemon should run as. (string value)
 #  Defaults to $::os_service_default.
@@ -42,6 +46,7 @@
 define oslo::privsep (
  $config,
  $entrypoint     = $name,
+  $config_group   = "privsep_${entrypoint}",
  $user           = $::os_service_default,
  $group          = $::os_service_default,
  $capabilities   = $::os_service_default,
@@ -49,10 +54,10 @@ define oslo::privsep (
 ) {

  $privsep_options = {
-    "privsep_${entrypoint}/user"           => { value => $user },
-    "privsep_${entrypoint}/group"          => { value => $group },
-    "privsep_${entrypoint}/capabilities"   => { value => $capabilities },
-    "privsep_${entrypoint}/helper_command" => { value => $helper_command },
+    "${config_group}/user"           => { value => $user },
+    "${config_group}/group"          => { value => $group },
+    "${config_group}/capabilities"   => { value => $capabilities },
+    "${config_group}/helper_command" => { value => $helper_command },
  }

  create_resources($config, $privsep_options)
--- a/releasenotes/notes/oslo-privsep-section-f577879ae1dba66c.yaml
+++ b/releasenotes/notes/oslo-privsep-section-f577879ae1dba66c.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The new ``oslo::privsep::config_group`` parameter has been added. This
+    parameter can be used to add parameters to the section different from
+    the default ``privsep_${entrypoint}`` section.
--- a/spec/defines/oslo_privsep_spec.rb
+++ b/spec/defines/oslo_privsep_spec.rb
@@ -37,6 +37,21 @@ describe 'oslo::privsep' do
      end
    end

+    context 'with config group' do
+      before do
+        params.merge!({
+          :config_group => 'mysection'
+        })
+      end
+
+      it 'configure oslo_privsep default params' do
+        is_expected.to contain_keystone_config('mysection/user').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('mysection/group').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('mysection/capabilities').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('mysection/helper_command').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
  end

  on_supported_os({