openstack
/
charm-glance
Code Issues Proposed changes

Add minimal policy.json template for Ussuri 

As of OpenStack Ussuri, Glance has removed policy.json in favor
of using default policy in code. In order to continue supporting
the restrict-image-location-operations config option, a minimal
policy.json template is rendered for Ussuri and above. This allows
update_image_location_policy() to continue making modifications
to get_image_location, set_image_location, and delete_image_location
policy.

Change-Id: I7e3693ffda01d6a6269e771ecfd232ad2c87ce74
This commit is contained in:
Corey Bryant 2020-04-01 18:41:07 +00:00
parent 45aff98f6b
commit a0f5d548f8
3 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hooks/glance_utils.py
View File

@ -195,6 +195,10 @@ CONFIG_FILES = OrderedDict([
service_user='glance')],
'services': ['glance-api']
}),
(GLANCE_POLICY_FILE, {
'hook_contexts': [],
'services': ['glance-api', 'glance-registry']
}),
(ceph_config_file(), {
'hook_contexts': [context.CephContext()],
'services': ['glance-api', 'glance-registry']
@ -264,6 +268,11 @@ def register_configs():
if cmp_release >= 'mitaka':
configs.register(GLANCE_SWIFT_CONF,
CONFIG_FILES[GLANCE_SWIFT_CONF]['hook_contexts'])
if cmp_release >= 'ussuri':
configs.register(GLANCE_POLICY_FILE,
CONFIG_FILES[GLANCE_POLICY_FILE]['hook_contexts'])
return configs
@ -384,8 +393,6 @@ def restart_map():
else:
glance_svcs = ['glance-api', 'glance-registry']
_map.append((GLANCE_POLICY_FILE, glance_svcs))
if os.path.isdir(APACHE_SSL_DIR):
_map.append(('{}/*'.format(APACHE_SSL_DIR), glance_svcs + ['apache2']))

5
templates/ussuri/policy.json Normal file
View File

@ -0,0 +1,5 @@
{
"delete_image_location": "rule:default",
"get_image_location": "rule:default",
"set_image_location": "rule:default"
}

6
unit_tests/test_glance_utils.py
View File

@ -152,13 +152,13 @@ class TestGlanceUtils(CharmTestCase):
(utils.GLANCE_REGISTRY_CONF, ['glance-registry']),
(utils.GLANCE_API_CONF, ['glance-api']),
(utils.GLANCE_SWIFT_CONF, ['glance-api']),
(utils.GLANCE_POLICY_FILE, ['glance-api', 'glance-registry']),
(utils.ceph_config_file(), ['glance-api', 'glance-registry']),
(utils.HAPROXY_CONF, ['haproxy']),
(utils.HTTPS_APACHE_CONF, ['apache2']),
(utils.HTTPS_APACHE_24_CONF, ['apache2']),
(utils.APACHE_PORTS_CONF, ['apache2']),
(utils.MEMCACHED_CONF, ['memcached']),
(utils.GLANCE_POLICY_FILE, ['glance-api', 'glance-registry']),
])
self.assertEqual(ex_map, utils.restart_map())
self.enable_memcache.return_value = False
@ -174,13 +174,13 @@ class TestGlanceUtils(CharmTestCase):
ex_map = OrderedDict([
(utils.GLANCE_API_CONF, ['glance-api']),
(utils.GLANCE_SWIFT_CONF, ['glance-api']),
(utils.GLANCE_POLICY_FILE, ['glance-api']),
(utils.ceph_config_file(), ['glance-api']),
(utils.HAPROXY_CONF, ['haproxy']),
(utils.HTTPS_APACHE_CONF, ['apache2']),
(utils.HTTPS_APACHE_24_CONF, ['apache2']),
(utils.APACHE_PORTS_CONF, ['apache2']),
(utils.MEMCACHED_CONF, ['memcached']),
(utils.GLANCE_POLICY_FILE, ['glance-api']),
])
self.assertEqual(ex_map, utils.restart_map())
self.enable_memcache.return_value = False
@ -198,13 +198,13 @@ class TestGlanceUtils(CharmTestCase):
ex_map = OrderedDict([
(utils.GLANCE_API_CONF, ['glance-api']),
(utils.GLANCE_SWIFT_CONF, ['glance-api']),
(utils.GLANCE_POLICY_FILE, ['glance-api']),
(utils.ceph_config_file(), ['glance-api']),
(utils.HAPROXY_CONF, ['haproxy']),
(utils.HTTPS_APACHE_CONF, ['apache2']),
(utils.HTTPS_APACHE_24_CONF, ['apache2']),
(utils.APACHE_PORTS_CONF, ['apache2']),
(utils.MEMCACHED_CONF, ['memcached']),
(utils.GLANCE_POLICY_FILE, ['glance-api']),
('{}/*'.format(utils.APACHE_SSL_DIR),
['glance-api', 'apache2']),
])