Policy support for Trove

Trove is adding policy support, since it's not yet released (landing in Newton) this code will not auto-include the policy class as other modules do. That will be done later after all distros support a Trove version with a policy.json file. Change-Id: Iae8f8bf341ae17190676c524444600e660420e46
2016-08-24 11:17:23 -04:00 · 2016-08-24 11:17:23 -04:00 · e2729f0fa8
commit e2729f0fa8
parent 7558054c04
3 changed files with 76 additions and 0 deletions
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -0,0 +1,33 @@
+# == Class: trove::policy
+#
+# Configure the trove policies
+#
+# === Parameters
+#
+# [*policies*]
+#   (optional) Set of policies to configure for trove
+#   Example :
+#     {
+#       'trove-context_is_admin' => {'context_is_admin' => 'true'},
+#       'trove-default'          => {'default' => 'rule:admin_or_owner'}
+#     }
+#   Defaults to empty hash.
+#
+# [*policy_path*]
+#   (optional) Path to the trove policy.json file
+#   Defaults to /etc/trove/policy.json
+#
+class trove::policy (
+  $policies    = {},
+  $policy_path = '/etc/trove/policy.json',
+) {
+
+  validate_hash($policies)
+
+  Openstacklib::Policy::Base {
+    file_path => $policy_path,
+  }
+
+  create_resources('openstacklib::policy::base', $policies)
+  oslo::policy { 'trove_config': policy_file => $policy_path }
+}
--- a/releasenotes/notes/policy-file-support-06db0c1ae60284a5.yaml
+++ b/releasenotes/notes/policy-file-support-06db0c1ae60284a5.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - Support for policy files which are being added
+    to Trove.
--- a/spec/classes/trove_policy_spec.rb
+++ b/spec/classes/trove_policy_spec.rb
@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe 'trove::policy' do
+
+  shared_examples_for 'trove policies' do
+    let :params do
+      {
+        :policy_path => '/etc/trove/policy.json',
+        :policies    => {
+          'context_is_admin' => {
+            'key'   => 'context_is_admin',
+            'value' => 'foo:bar'
+          }
+        }
+      }
+    end
+
+    it 'set up the policies' do
+      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
+        :key   => 'context_is_admin',
+        :value => 'foo:bar'
+      })
+      is_expected.to contain_trove_config('oslo_policy/policy_file').with_value('/etc/trove/policy.json')
+    end
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'trove policies'
+    end
+  end
+
+end