Add group to policy management

The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Change-Id: I3c680647c310ad87bb5fb790675a16da784e6e27
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Emilien Macchi 2018-01-10 14:11:43 -08:00
parent c69542dfd1
commit 6941810418
3 changed files with 19 additions and 6 deletions


@ -6,6 +6,7 @@ class trove::params {
include ::openstacklib::defaults
$client_package_name = 'python-troveclient'
$group = 'trove'
case $::osfamily {
'RedHat': {


@ -8,8 +8,14 @@
# (optional) Set of policies to configure for trove
# Example :
# {
# 'trove-context_is_admin' => {'context_is_admin' => 'true'},
# 'trove-default' => {'default' => 'rule:admin_or_owner'}
# 'trove-context_is_admin' => {
# 'key' => 'context_is_admin',
# 'value' => 'true'
# },
# 'trove-default' => {
# 'key' => 'default',
# 'value' => 'rule:admin_or_owner'
# }
# }
# Defaults to empty hash.
#
@ -23,13 +29,18 @@ class trove::policy (
) {
include ::trove::deps
include ::trove::params
validate_hash($policies)
Openstacklib::Policy::Base {
file_path => $policy_path,
file_user => 'root',
file_group => $::trove::params::group,
}
create_resources('openstacklib::policy::base', $policies)
oslo::policy { 'trove_config': policy_file => $policy_path }
}
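Review bot: The new `Openstacklib::Policy::Base` defaults set the policy file's owner and group but not its mode, so whether the `trove` group ends up with read-only access and everyone else with none depends entirely on the default inside openstacklib, which this hunk does not show. Since the commit's stated goal is correct permissions, consider pinning the mode next to the ownership, e.g. `file_mode => '0640',`, and asserting `:file_mode => '0640'` in the spec's `.with({...})` for `context_is_admin`. Root ownership combined with a group-readable, non-writable mode lets the service read its policy without being able to rewrite its own authorization rules. The header and parameter list of `trove::policy` start outside this hunk, so `$policy_path` is assumed to be a class parameter.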


@ -18,7 +18,9 @@ describe 'trove::policy' do
it 'set up the policies' do
is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
:key => 'context_is_admin',
:value => 'foo:bar'
:value => 'foo:bar',
:file_user => 'root',
:file_group => 'trove',
})
is_expected.to contain_oslo__policy('trove_config').with(
:policy_file => '/etc/trove/policy.json',
@ -37,5 +39,4 @@ describe 'trove::policy' do
it_configures 'trove policies'
end
end
end