fix changing the policy file of heat

heat removed the stacks global index rule which defaults to deny everybody vitrage needs to change it fix it so it will replace or add the rule instead of just replacing the old rule Depends-On: I428d04598910edfe67e8b8deb608bcf1233d672d Change-Id: I125f0f15aebe2a0a09dba4b18312b857ce40b6ad
2017-12-11 16:10:15 +02:00 · 2017-12-11 16:10:15 +02:00 · 0454e6b42a
commit 0454e6b42a
parent 359c38cf68
1 changed files with 11 additions and 2 deletions
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -342,9 +342,18 @@ function stop_vitrage {

 function modify_heat_global_index_policy_rule {
    if is_service_enabled heat; then
-        local policy_file=$HEAT_CONF_DIR/policy.json
        # Allow to list all stacks
-        sed -i 's/"stacks:global_index": "rule:deny_everybody"/"stacks:global_index": "rule:deny_stack_user"/' $policy_file
+        local policy_file=$HEAT_CONF_DIR/policy.json
+        local rule_to_change='"stacks:global_index": "rule:deny_everybody"'
+        local rule_to_add='"stacks:global_index": "rule:deny_stack_user"'
+
+        # replace only if exists deny_everybody
+        if grep -q "$rule_to_change" $policy_file; then
+            sed -i "s/$rule_to_change/$rule_to_add/" $policy_file
+        # add only if not exists deny_stack_user
+        elif ! grep -q "$rule_to_add" $policy_file; then
+            sed -i "/}/i\\ \\ \\ ,$rule_to_add" $policy_file
+        fi
    fi
 }