Add group to policy management
The move of policy.json into code means the file may not exist. We've added support to ensure that the file exists in the openstacklib but we need to make sure the permissions are right for each service. This adds the group information to the policies so it works right. Change-Id: I2101ddb29e48733a5a5982daafe074ce1c983e9c Co-Authored-By: Alex Schultz <aschultz@redhat.com>
This commit is contained in:
parent
58566a032b
commit
3bc17a62f9
|
@ -7,6 +7,7 @@ class glance::params {
|
|||
|
||||
$cache_cleaner_command = 'glance-cache-cleaner'
|
||||
$cache_pruner_command = 'glance-cache-pruner'
|
||||
$group = 'glance'
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
|
|
|
@ -23,19 +23,22 @@
|
|||
# (optional) Path to the glance policy.json file
|
||||
# Defaults to /etc/glance/policy.json
|
||||
#
|
||||
class glance::policy(
|
||||
class glance::policy (
|
||||
$policies = {},
|
||||
$policy_path = '/etc/glance/policy.json',
|
||||
) {
|
||||
|
||||
include ::glance::deps
|
||||
include ::glance::params
|
||||
|
||||
validate_hash($policies)
|
||||
|
||||
Openstacklib::Policy::Base {
|
||||
file_path => $policy_path,
|
||||
require => Anchor['glance::config::begin'],
|
||||
notify => Anchor['glance::config::end'],
|
||||
file_path => $policy_path,
|
||||
file_user => 'root',
|
||||
file_group => $::glance::params::group,
|
||||
require => Anchor['glance::config::begin'],
|
||||
notify => Anchor['glance::config::end'],
|
||||
}
|
||||
|
||||
create_resources('openstacklib::policy::base', $policies)
|
||||
|
|
|
@ -17,8 +17,10 @@ describe 'glance::policy' do
|
|||
|
||||
it 'set up the policies' do
|
||||
is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
|
||||
:key => 'context_is_admin',
|
||||
:value => 'foo:bar'
|
||||
:key => 'context_is_admin',
|
||||
:value => 'foo:bar',
|
||||
:file_user => 'root',
|
||||
:file_group => 'glance',
|
||||
})
|
||||
is_expected.to contain_oslo__policy('glance_api_config').with(
|
||||
:policy_file => '/etc/glance/policy.json',
|
||||
|
|
Loading…
Reference in New Issue