Commit Graph

18 Commits

Author SHA1 Message Date
Takashi Kajinami da507fc631 Refactor resource dependencies
This refactors resource dependencies to improve the following points.

 - Avoid unnecessary dependencies across services. For example aodh
   service does not require cinder db.

 - Restart only api service when config files like paste.ini, which
   are used only be api service is changed.

Change-Id: If2cbbc392bd54d906c7a4f51f1c7cfca69463aaf
2024-03-01 13:12:01 +09:00
Takashi Kajinami de577f08c9 Ensure purge_config takes a boolean value
The purge_config parameters only accept boolean values. This enforces
that using the typed parameters.

Change-Id: I2efca4fd863dde8b755c4cf3f6485351b5c4494d
2023-07-18 00:51:06 +09:00
Tobias Urdin 133dd8b13d Add per module policy service refresh
Updating the policies for this project should only
refresh the services that reads it.

Change-Id: Ie848a4ead3c493f01bf941e57741616d4c4cda47
2023-06-26 00:04:00 +02:00
Takashi Kajinami 8ed0bcb867 replace validate_legacy with proper data types
the validate_legacy function is marked for deprecation in
v9.0.0 from puppetlabs-stdlib.

Note that this change looses validation about pool ids. Alternatively
we can define a new data type to keep the validation, but these defined
types for pool-manager were already deprecated and useless and will be
removed in a near future release so we avoid that redundant step.

Change-Id: I85d7058bf379c6aa0e787b2f806f14aebf0693d3
2023-06-19 17:27:32 +09:00
Takashi Kajinami dd44ce031e Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: Ica6edbc7077c0bb2021cc737f44f3ced84cd5f83
2023-03-01 16:49:01 +09:00
Takashi Kajinami 99de16e85a Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I6bf6898156e7b650dad717a80b4ff86427877205
2023-01-23 14:29:06 +09:00
Takashi Kajinami 069148d9ce Allow purging policy files
This change introduces the new purge_config parameter to the policy
class so that any policy rules not managed by puppet manifests can be
cleared.

Co-Authored-By: Martin Schuppert <mschuppert@redhat.com>
Depends-On: https://review.opendev.org/802305
Change-Id: I9d1051ce925384d4e33f13d970040f085256465b
2021-09-04 21:58:46 +09:00
Thomas Goirand 426129a6f0 Allow to configure policy_dirs
This patch makes it possible to override the current service default,
which is /etc/<service>/policy.d .

Change-Id: Ib505efe2e14f20d95ecae550ae70bd782af3c01c
2021-04-01 22:48:32 +02:00
Takashi Kajinami 1016467abf Add support for oslo_policy/enforce_new_defaults
Depends-on: https://review.opendev.org/781428
Change-Id: Iedf12ae29943efa5a238869aeaf6278e7bb944fe
2021-03-24 16:28:39 +09:00
Takashi Kajinami 2793574262 Add support for the oslo_policy/enforce_scope parameter
Depends-on: https://review.opendev.org/#/c/759008/
Change-Id: Ide8eada6d20f65b44bdff55f1cae12abc014fd59
2021-03-16 12:34:58 +09:00
Takashi Kajinami 702128cad5 Use yaml instead of json for policy file
Because usage of json for policy file will be deprecated and replaced
by yaml[1].

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-on: https://review.opendev.org/769647
Change-Id: I1ebd0852e7a39063115f18bed2c9333abf748795
2021-01-07 23:19:08 +00:00
Tobias Urdin b7f73b35c5 Convert all class usage to relative names
Change-Id: Iae69aff79cc231336b14d65305fff9c64cbd27e0
2019-12-08 23:04:25 +01:00
Tobias Urdin d83b0dafdc Use validate_legacy
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.

The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.

This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].

[1] https://review.openstack.org/#/c/568929/

Change-Id: If8c450da479eca3167d93a1ef29ac8b1bc4312ca
2019-02-23 14:41:42 +01:00
ZhongShengping e18521569a Cleanup documentation
Make sure documentation is the same and follow
the standard which we are trying to enforce on
all modules.

Change-Id: I47f55d8e608509ee9f42a00edb7acfe59ca87983
2018-12-13 17:10:01 +08:00
Emilien Macchi 4c6482c419 Add group to policy management
The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: I31bec4b9509e27affd60136537a2a9d6168a62e1
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
2018-01-11 15:54:41 +00:00
ZhongShengping c0835195c0 Switch to puppet-oslo configuring policy
Change-Id: Id6a805508153f03b83967783caf22db72afc8e79
2017-02-13 14:32:38 +08:00
ZhongShengping 1e95f32a6f Add hooks for external install & svc management
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain.  This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.

Change-Id: If9fa188b7dca47e6724a737d66e34c0c85668c36
2016-12-01 08:44:02 +08:00
Clayton O'Neill 2910f825ef Add policy.json management
This is mostly a copy of the existing neutron policy.json management and
leverages the resources in openstacklib for managing designate's
policy.json

Change-Id: I1fbf35b3dfa2e3a9b5f3ec351f8776951dfb41cf
2015-03-23 14:04:26 +00:00