diff --git a/manifests/params.pp b/manifests/params.pp index 1f7aba4d..2022f4ec 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,6 +6,7 @@ class trove::params { include ::openstacklib::defaults $client_package_name = 'python-troveclient' + $group = 'trove' case $::osfamily { 'RedHat': { diff --git a/manifests/policy.pp b/manifests/policy.pp index b436d903..6e8effcc 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp @@ -8,8 +8,14 @@ # (optional) Set of policies to configure for trove # Example : # { -# 'trove-context_is_admin' => {'context_is_admin' => 'true'}, -# 'trove-default' => {'default' => 'rule:admin_or_owner'} +# 'trove-context_is_admin' => { +# 'key' => 'context_is_admin', +# 'value' => 'true' +# }, +# 'trove-default' => { +# 'key' => 'default', +# 'value' => 'rule:admin_or_owner' +# } # } # Defaults to empty hash. # @@ -23,13 +29,18 @@ class trove::policy ( ) { include ::trove::deps + include ::trove::params validate_hash($policies) Openstacklib::Policy::Base { - file_path => $policy_path, + file_path => $policy_path, + file_user => 'root', + file_group => $::trove::params::group, } create_resources('openstacklib::policy::base', $policies) + oslo::policy { 'trove_config': policy_file => $policy_path } + } diff --git a/spec/classes/trove_policy_spec.rb b/spec/classes/trove_policy_spec.rb index 72a05430..d865d360 100644 --- a/spec/classes/trove_policy_spec.rb +++ b/spec/classes/trove_policy_spec.rb @@ -17,8 +17,10 @@ describe 'trove::policy' do it 'set up the policies' do is_expected.to contain_openstacklib__policy__base('context_is_admin').with({ - :key => 'context_is_admin', - :value => 'foo:bar' + :key => 'context_is_admin', + :value => 'foo:bar', + :file_user => 'root', + :file_group => 'trove', }) is_expected.to contain_oslo__policy('trove_config').with( :policy_file => '/etc/trove/policy.json', @@ -37,5 +39,4 @@ describe 'trove::policy' do it_configures 'trove policies' end end - end