Add group to policy management

The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed Change-Id: I24400d82781d9c1d4e8d559691eff7832053b87b Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-10 14:07:56 -08:00 · 2018-01-10 14:07:56 -08:00 · f59554ff4f
commit f59554ff4f
parent e847f69b29
3 changed files with 18 additions and 6 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -6,6 +6,7 @@ class cinder::params {
  include ::openstacklib::defaults

  $client_package            = 'python-cinderclient'
+  $group                     = 'cinder'
  $cinder_wsgi_script_source = '/usr/bin/cinder-wsgi'

  if $::osfamily == 'Debian' {
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -8,8 +8,14 @@
 #   (optional) Set of policies to configure for cinder
 #   Example :
 #     {
-#       'cinder-context_is_admin' => {'context_is_admin' => 'true'},
-#       'cinder-default'          => {'default' => 'rule:admin_or_owner'}
+#       'cinder-context_is_admin' => {
+#         'key' => 'context_is_admin',
+#         'value' => 'true'
+#       },
+#       'cinder-default' => {
+#         'key' => 'default',
+#         'value' => 'rule:admin_or_owner'
+#       }
 #     }
 #   Defaults to empty hash.
 #
@ -23,14 +29,18 @@ class cinder::policy (
 ) {

  include ::cinder::deps
+  include ::cinder::params

  validate_hash($policies)

  Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::cinder::params::group,
  }

  create_resources('openstacklib::policy::base', $policies)
+
  oslo::policy { 'cinder_config': policy_file => $policy_path }

 }
--- a/spec/classes/cinder_policy_spec.rb
+++ b/spec/classes/cinder_policy_spec.rb
@ -17,8 +17,10 @@ describe 'cinder::policy' do

    it 'set up the policies' do
      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'cinder',
      })
      is_expected.to contain_oslo__policy('cinder_config').with(
        :policy_file => '/etc/cinder/policy.json',
@ -37,5 +39,4 @@ describe 'cinder::policy' do
      it_configures 'cinder policies'
    end
  end
-
 end