Remove policy json file

Remove the policy.json template, as they contain no templated variables.
This would allow use of the policy.json files provided via the package,
and decrease the need to sync them with upstream

Change-Id: I4b76b948b6a08502f15c5289f5c0503d24382006
Implements: blueprint remove-policy-templates
This commit is contained in:
Mark Vanderwiel 2014-04-17 13:18:30 -05:00
parent 0a2d3e6174
commit e5beee63c1
9 changed files with 4 additions and 76 deletions

View File

@ -2,6 +2,9 @@ openstack-block-storage Cookbook CHANGELOG
==============================
This file is used to list changes made in each version of the openstack-block-storage cookbook.
## 9.0.2
### Blue print
* Remove policy template
## 9.0.1
### Bug

View File

@ -102,10 +102,6 @@ Cinder attributes
* `openstack["block-storage"]["rbd_pool"]` - RADOS Block Device pool to use
* `openstack["block-storage"]["rbd_user"]` - User for Cephx Authentication
* `openstack["block-storage"]["rbd_secret_uuid"]` - Secret UUID for Cephx Authentication
* `openstack["block-storage"]["policy"]["context_is_admin"]` - Define administrators
* `openstack["block-storage"]["policy"]["default"]` - Default volume operations rule
* `openstack["block-storage"]["policy"]["admin_or_owner"]` - Define an admin or owner
* `openstack["block-storage"]["policy"]["admin_api"]` - Define api admin
* `openstack["block-storage"]["netapp"]["protocol"]` - How are we talking to either dfm or filer, http or https
* `openstack["block-storage"]["netapp"]["dfm_hostname"]` - Host or IP of your dfm server
* `openstack["block-storage"]["netapp"]["dfm_login"]` - Username for dfm

View File

@ -219,12 +219,6 @@ default['openstack']['block-storage']['rbd_secret_uuid'] = nil
default['openstack']['block-storage']['rbd_secret_name'] = '00000000-0000-0000-0000-000000000000'
default['openstack']['block-storage']['rbd_key_name'] = 'openstack_image_cephx_key'
# Cinder Policy defaults
default['openstack']['block-storage']['policy']['context_is_admin'] = '["role:admin"]'
default['openstack']['block-storage']['policy']['default'] = '["rule:admin_or_owner"]'
default['openstack']['block-storage']['policy']['admin_or_owner'] = '["is_admin:True"], ["project_id:%(project_id)s"]'
default['openstack']['block-storage']['policy']['admin_api'] = '["is_admin:True"]'
case platform_family
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
# operating system user and group names

View File

@ -5,7 +5,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
license 'Apache 2.0'
description 'The OpenStack Advanced Volume Management service Cinder.'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '9.0.1'
version '9.1.0'
recipe 'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone'
recipe 'openstack-block-storage::client', 'Install packages required for cinder client'

View File

@ -77,11 +77,3 @@ template '/etc/cinder/api-paste.ini' do
notifies :restart, 'service[cinder-api]', :immediately
end
template '/etc/cinder/policy.json' do
source 'policy.json.erb'
owner node['openstack']['block-storage']['user']
group node['openstack']['block-storage']['group']
mode 00644
notifies :restart, 'service[cinder-api]'
end

View File

@ -31,8 +31,6 @@ describe 'openstack-block-storage::api' do
expect(chef_run).to enable_service 'openstack-cinder-api'
end
expect_creates_policy_json(
'service[cinder-api]', 'openstack-cinder', 'openstack-cinder')
expect_creates_cinder_conf(
'service[cinder-api]', 'openstack-cinder', 'openstack-cinder')
end

View File

@ -92,8 +92,6 @@ describe 'openstack-block-storage::api' do
expect(chef_run).to run_execute('cinder-manage db sync')
end
expect_creates_policy_json 'service[cinder-api]', 'cinder', 'cinder'
describe 'api-paste.ini' do
let(:file) { chef_run.template('/etc/cinder/api-paste.ini') }

View File

@ -113,22 +113,3 @@ def expect_creates_cinder_conf(service, user, group, action = :restart) # ruboco
end
end
end
def expect_creates_policy_json(service, user, group, action = :restart) # rubocop:disable MethodLength
describe 'policy.json' do
let(:file) { chef_run.template('/etc/cinder/policy.json') }
it 'has proper owner' do
expect(file.owner).to eq(user)
expect(file.group).to eq(group)
end
it 'has proper modes' do
expect(sprintf('%o', file.mode)).to eq '644'
end
it 'notifies service restart' do
expect(file).to notify(service).to(action)
end
end
end

View File

@ -1,34 +0,0 @@
{
"context_is_admin": [<%= node["openstack"]["block-storage"]["policy"]["context_is_admin"] %>],
"admin_or_owner": [<%= node["openstack"]["block-storage"]["policy"]["admin_or_owner"] %>],
"default": [<%= node["openstack"]["block-storage"]["policy"]["default"] %>],
"admin_api": [<%= node["openstack"]["block-storage"]["policy"]["admin_api"] %>],
"volume:create": [],
"volume:get_all": [],
"volume:get_volume_metadata": [],
"volume:get_snapshot": [],
"volume:get_all_snapshots": [],
"volume_extension:types_manage": [["rule:admin_api"]],
"volume_extension:types_extra_specs": [["rule:admin_api"]],
"volume_extension:extended_snapshot_attributes": [],
"volume_extension:volume_image_metadata": [],
"volume_extension:quotas:show": [],
"volume_extension:quotas:update_for_project": [["rule:admin_api"]],
"volume_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]],
"volume_extension:quota_classes": [],
"volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
"volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
"volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
"volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
"volume_extension:volume_host_attribute": [["rule:admin_api"]],
"volume_extension:volume_tenant_attribute": [["rule:admin_api"]],
"volume_extension:hosts": [["rule:admin_api"]],
"volume_extension:services": [["rule:admin_api"]],
"volume:services": [["rule:admin_api"]]
}