Enable policy rule management in nova-compute

There are some features in nova-compute which validate policy rules. For example when connecting an instance to an external network, nova-compute checks ``network:attach_external_network`` to determine whether the operation is permitted. This change makes sure that the nova policy file in compute nodes are also managed by puppet-tripleo. Partial-Bug: #1955786 Change-Id: I490cc558238719d4c9585e2a57497d1b1787a9ed
6 months ago · 6cc58e8ac4
2 changed files with 9 additions and 0 deletions
--- a/manifests/profile/base/nova/compute.pp
+++ b/manifests/profile/base/nova/compute.pp
@ -46,6 +46,11 @@ class tripleo::profile::base::nova::compute (
    include nova::key_manager
    include nova::key_manager::barbican

+    # NOTE(tkajinam): Policies are used in some features in nova-compute,
+    #                 For example when connecting an instance to an external
+    #                 network
+    include nova::policy
+
    # deploy basic bits for nova-compute
    include nova::compute

--- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
@ -32,6 +32,7 @@ describe 'tripleo::profile::base::nova::compute' do
        is_expected.to_not contain_class('nova::vendordata')
        is_expected.to_not contain_class('nova::key_manager')
        is_expected.to_not contain_class('nova::key_manager::barbican')
+        is_expected.to_not contain_class('nova::policy')
        is_expected.to_not contain_class('nova::compute')
        is_expected.to_not contain_class('nova::network::neutron')
      }
@ -63,6 +64,7 @@ eos
          is_expected.to contain_class('nova::vendordata')
          is_expected.to contain_class('nova::key_manager')
          is_expected.to contain_class('nova::key_manager::barbican')
+          is_expected.to contain_class('nova::policy')
          is_expected.to contain_class('nova::compute')
          is_expected.to contain_class('nova::network::neutron')
          is_expected.to_not contain_package('nfs-utils')
@ -79,6 +81,7 @@ eos
          is_expected.to contain_class('nova::vendordata')
          is_expected.to contain_class('nova::key_manager')
          is_expected.to contain_class('nova::key_manager::barbican')
+          is_expected.to contain_class('nova::policy')
          is_expected.to contain_class('nova::compute')
          is_expected.to contain_class('nova::network::neutron')
          is_expected.to contain_package('nfs-utils')
@ -95,6 +98,7 @@ eos
          is_expected.to contain_class('nova::vendordata')
          is_expected.to contain_class('nova::key_manager')
          is_expected.to contain_class('nova::key_manager::barbican')
+          is_expected.to contain_class('nova::policy')
          is_expected.to contain_class('nova::compute')
          is_expected.to contain_class('nova::network::neutron')
          is_expected.to contain_package('nfs-utils')