Merge "Allow purging policy files"

manifests/policy.pp

@@ -36,12 +36,18 @@
 #   (Optional) Path to the senlin policy folder
 #   Defaults to $::os_service_default
 #
+# [*purge_config*]
+#   (optional) Whether to set only the specified policy rules in the policy
+#    file.
+#    Defaults to false.
+#
 class senlin::policy (
   $enforce_scope        = $::os_service_default,
   $enforce_new_defaults = $::os_service_default,
   $policies             = {},
   $policy_path          = '/etc/senlin/policy.yaml',
   $policy_dirs          = $::os_service_default,
+  $purge_config         = false,
 ) {
 
   include senlin::deps
@@ -49,14 +55,16 @@ class senlin::policy (
 
   validate_legacy(Hash, 'validate_hash', $policies)
 
-  Openstacklib::Policy::Base {
+  $policy_parameters = {
-    file_path   => $policy_path,
+    policies     => $policies,
+    policy_path  => $policy_path,
     file_user    => 'root',
     file_group   => $::senlin::params::group,
     file_format  => 'yaml',
+    purge_config => $purge_config,
   }
 
-  create_resources('openstacklib::policy::base', $policies)
+  create_resources('openstacklib::policy', { $policy_path => $policy_parameters })
 
   oslo::policy { 'senlin_config':
     enforce_scope        => $enforce_scope,

releasenotes/notes/policy_purge_config-b73fe2b70d70a740.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds new purge_config parameter. When set to true, the policy file is
+    cleared during configuration process. This allows to remove any existing
+    rules before applying them or clean the file when all policies got removed.

spec/classes/senlin_policy_spec.rb

@@ -2,6 +2,8 @@ require 'spec_helper'
 
 describe 'senlin::policy' do
   shared_examples 'senlin::policy' do
+
+    context 'setup policy with parameters' do
       let :params do
         {
           :enforce_scope        => false,
@@ -18,13 +20,19 @@ describe 'senlin::policy' do
       end
 
       it 'set up the policies' do
-      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
+        is_expected.to contain_openstacklib__policy('/etc/senlin/policy.yaml').with(
-        :key         => 'context_is_admin',
+          :policies     => {
-        :value       => 'foo:bar',
+            'context_is_admin' => {
+              'key'   => 'context_is_admin',
+              'value' => 'foo:bar'
+            }
+          },
+          :policy_path  => '/etc/senlin/policy.yaml',
           :file_user    => 'root',
           :file_group   => 'senlin',
           :file_format  => 'yaml',
-      })
+          :purge_config => false,
+        )
         is_expected.to contain_oslo__policy('senlin_config').with(
           :enforce_scope        => false,
           :enforce_new_defaults => false,
@@ -34,6 +42,35 @@ describe 'senlin::policy' do
       end
     end
 
+    context 'with empty policies and purge_config enabled' do
+      let :params do
+        {
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_path          => '/etc/senlin/policy.yaml',
+          :policies             => {},
+          :purge_config         => true,
+        }
+      end
+
+      it 'set up the policies' do
+        is_expected.to contain_openstacklib__policy('/etc/senlin/policy.yaml').with(
+          :policies     => {},
+          :policy_path  => '/etc/senlin/policy.yaml',
+          :file_user    => 'root',
+          :file_group   => 'senlin',
+          :file_format  => 'yaml',
+          :purge_config => true,
+        )
+        is_expected.to contain_oslo__policy('senlin_config').with(
+          :enforce_scope        => false,
+          :enforce_new_defaults => false,
+          :policy_file          => '/etc/senlin/policy.yaml',
+        )
+      end
+    end
+  end
+
   on_supported_os({
     :supported_os => OSDefaults.get_supported_os
   }).each do |os,facts|