Remove policy json file
Remove the policy.json template, as they contain no templated variables. This would allow use of the policy.json files provided via the package, and decrease the need to sync them with upstream Change-Id: I4b76b948b6a08502f15c5289f5c0503d24382006 Implements: blueprint remove-policy-templates
This commit is contained in:
parent
0a2d3e6174
commit
e5beee63c1
|
@ -2,6 +2,9 @@ openstack-block-storage Cookbook CHANGELOG
|
|||
==============================
|
||||
This file is used to list changes made in each version of the openstack-block-storage cookbook.
|
||||
|
||||
## 9.0.2
|
||||
### Blue print
|
||||
* Remove policy template
|
||||
|
||||
## 9.0.1
|
||||
### Bug
|
||||
|
|
|
@ -102,10 +102,6 @@ Cinder attributes
|
|||
* `openstack["block-storage"]["rbd_pool"]` - RADOS Block Device pool to use
|
||||
* `openstack["block-storage"]["rbd_user"]` - User for Cephx Authentication
|
||||
* `openstack["block-storage"]["rbd_secret_uuid"]` - Secret UUID for Cephx Authentication
|
||||
* `openstack["block-storage"]["policy"]["context_is_admin"]` - Define administrators
|
||||
* `openstack["block-storage"]["policy"]["default"]` - Default volume operations rule
|
||||
* `openstack["block-storage"]["policy"]["admin_or_owner"]` - Define an admin or owner
|
||||
* `openstack["block-storage"]["policy"]["admin_api"]` - Define api admin
|
||||
* `openstack["block-storage"]["netapp"]["protocol"]` - How are we talking to either dfm or filer, http or https
|
||||
* `openstack["block-storage"]["netapp"]["dfm_hostname"]` - Host or IP of your dfm server
|
||||
* `openstack["block-storage"]["netapp"]["dfm_login"]` - Username for dfm
|
||||
|
|
|
@ -219,12 +219,6 @@ default['openstack']['block-storage']['rbd_secret_uuid'] = nil
|
|||
default['openstack']['block-storage']['rbd_secret_name'] = '00000000-0000-0000-0000-000000000000'
|
||||
default['openstack']['block-storage']['rbd_key_name'] = 'openstack_image_cephx_key'
|
||||
|
||||
# Cinder Policy defaults
|
||||
default['openstack']['block-storage']['policy']['context_is_admin'] = '["role:admin"]'
|
||||
default['openstack']['block-storage']['policy']['default'] = '["rule:admin_or_owner"]'
|
||||
default['openstack']['block-storage']['policy']['admin_or_owner'] = '["is_admin:True"], ["project_id:%(project_id)s"]'
|
||||
default['openstack']['block-storage']['policy']['admin_api'] = '["is_admin:True"]'
|
||||
|
||||
case platform_family
|
||||
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
# operating system user and group names
|
||||
|
|
|
@ -5,7 +5,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
|
|||
license 'Apache 2.0'
|
||||
description 'The OpenStack Advanced Volume Management service Cinder.'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '9.0.1'
|
||||
version '9.1.0'
|
||||
|
||||
recipe 'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone'
|
||||
recipe 'openstack-block-storage::client', 'Install packages required for cinder client'
|
||||
|
|
|
@ -77,11 +77,3 @@ template '/etc/cinder/api-paste.ini' do
|
|||
|
||||
notifies :restart, 'service[cinder-api]', :immediately
|
||||
end
|
||||
|
||||
template '/etc/cinder/policy.json' do
|
||||
source 'policy.json.erb'
|
||||
owner node['openstack']['block-storage']['user']
|
||||
group node['openstack']['block-storage']['group']
|
||||
mode 00644
|
||||
notifies :restart, 'service[cinder-api]'
|
||||
end
|
||||
|
|
|
@ -31,8 +31,6 @@ describe 'openstack-block-storage::api' do
|
|||
expect(chef_run).to enable_service 'openstack-cinder-api'
|
||||
end
|
||||
|
||||
expect_creates_policy_json(
|
||||
'service[cinder-api]', 'openstack-cinder', 'openstack-cinder')
|
||||
expect_creates_cinder_conf(
|
||||
'service[cinder-api]', 'openstack-cinder', 'openstack-cinder')
|
||||
end
|
||||
|
|
|
@ -92,8 +92,6 @@ describe 'openstack-block-storage::api' do
|
|||
expect(chef_run).to run_execute('cinder-manage db sync')
|
||||
end
|
||||
|
||||
expect_creates_policy_json 'service[cinder-api]', 'cinder', 'cinder'
|
||||
|
||||
describe 'api-paste.ini' do
|
||||
let(:file) { chef_run.template('/etc/cinder/api-paste.ini') }
|
||||
|
||||
|
|
|
@ -113,22 +113,3 @@ def expect_creates_cinder_conf(service, user, group, action = :restart) # ruboco
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def expect_creates_policy_json(service, user, group, action = :restart) # rubocop:disable MethodLength
|
||||
describe 'policy.json' do
|
||||
let(:file) { chef_run.template('/etc/cinder/policy.json') }
|
||||
|
||||
it 'has proper owner' do
|
||||
expect(file.owner).to eq(user)
|
||||
expect(file.group).to eq(group)
|
||||
end
|
||||
|
||||
it 'has proper modes' do
|
||||
expect(sprintf('%o', file.mode)).to eq '644'
|
||||
end
|
||||
|
||||
it 'notifies service restart' do
|
||||
expect(file).to notify(service).to(action)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
{
|
||||
"context_is_admin": [<%= node["openstack"]["block-storage"]["policy"]["context_is_admin"] %>],
|
||||
"admin_or_owner": [<%= node["openstack"]["block-storage"]["policy"]["admin_or_owner"] %>],
|
||||
"default": [<%= node["openstack"]["block-storage"]["policy"]["default"] %>],
|
||||
|
||||
"admin_api": [<%= node["openstack"]["block-storage"]["policy"]["admin_api"] %>],
|
||||
|
||||
"volume:create": [],
|
||||
"volume:get_all": [],
|
||||
"volume:get_volume_metadata": [],
|
||||
"volume:get_snapshot": [],
|
||||
"volume:get_all_snapshots": [],
|
||||
|
||||
"volume_extension:types_manage": [["rule:admin_api"]],
|
||||
"volume_extension:types_extra_specs": [["rule:admin_api"]],
|
||||
"volume_extension:extended_snapshot_attributes": [],
|
||||
"volume_extension:volume_image_metadata": [],
|
||||
|
||||
"volume_extension:quotas:show": [],
|
||||
"volume_extension:quotas:update_for_project": [["rule:admin_api"]],
|
||||
"volume_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]],
|
||||
"volume_extension:quota_classes": [],
|
||||
|
||||
"volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
|
||||
"volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
|
||||
"volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
|
||||
"volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
|
||||
|
||||
"volume_extension:volume_host_attribute": [["rule:admin_api"]],
|
||||
"volume_extension:volume_tenant_attribute": [["rule:admin_api"]],
|
||||
"volume_extension:hosts": [["rule:admin_api"]],
|
||||
"volume_extension:services": [["rule:admin_api"]],
|
||||
"volume:services": [["rule:admin_api"]]
|
||||
}
|
Loading…
Reference in New Issue