From bdd660ccdb0528c8abd0530c6aa35bb3ea61a768 Mon Sep 17 00:00:00 2001
From: Alex Schultz <aschultz@redhat.com>
Date: Tue, 9 Jan 2018 11:08:17 -0700
Subject: [PATCH] Add group to policy management

The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Related-Bug: #1742154
Change-Id: I10b322d05042fdef23758d46906cf57aa9def97f
---
 manifests/params.pp               | 1 +
 manifests/policy.pp               | 7 +++++--
 spec/classes/zaqar_policy_spec.rb | 6 ++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 0239778..e55f556 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -6,6 +6,7 @@ class zaqar::params {
   include ::openstacklib::defaults
 
   $client_package_name = 'python-zaqarclient'
+  $group               = 'zaqar'
 
   case $::osfamily {
     'RedHat': {
diff --git a/manifests/policy.pp b/manifests/policy.pp
index e84db3e..be7edeb 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -20,7 +20,7 @@
 #   Defaults to empty hash.
 #
 # [*policy_path*]
-#   (optional) Path to the nova policy.json file
+#   (optional) Path to the zaqar policy.json file
 #   Defaults to /etc/zaqar/policy.json
 #
 class zaqar::policy (
@@ -29,11 +29,14 @@ class zaqar::policy (
 ) {
 
   include ::zaqar::deps
+  include ::zaqar::params
 
   validate_hash($policies)
 
   Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::zaqar::params::group,
   }
 
   create_resources('openstacklib::policy::base', $policies)
diff --git a/spec/classes/zaqar_policy_spec.rb b/spec/classes/zaqar_policy_spec.rb
index 192577c..2f110bb 100644
--- a/spec/classes/zaqar_policy_spec.rb
+++ b/spec/classes/zaqar_policy_spec.rb
@@ -17,8 +17,10 @@ describe 'zaqar::policy' do
 
     it 'set up the policies' do
       is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'zaqar',
       })
       is_expected.to contain_oslo__policy('zaqar_config').with(
         :policy_file => '/etc/zaqar/policy.json',