[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to replace policy.json to policy.yaml and remove deprecated policy.json. config_template has been choosen instead of the copy, since it can properly handle content that has been lookuped. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I9d26b1b4a14360a8b38d6df19621b474c6391de9
2021-03-16 16:20:31 +02:00 · 2021-03-16 16:20:31 +02:00 · e5535186a2
parent d75fec6e0f
commit e5535186a2
2 changed files with 24 additions and 12 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -22,11 +22,11 @@
  listen:
    - "venv changed"

- name: Remove legacy policy.json file
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json file
  file:
-    path: "/etc/barbican/policy.json"
+    path: "{{ barbican_etc_directory }}/policy.json"
    state: absent
-  when:
-    - barbican_policy_overrides == {}
  listen:
    - Restart barbican services
+    - venv changed
--- a/tasks/barbican_post_install.yml
+++ b/tasks/barbican_post_install.yml
@ -39,15 +39,27 @@
    - Restart barbican services
    - Restart uwsgi services

- name: Implement policy.json if there are overrides configured
-  copy:
-    content: "{{ barbican_policy_overrides | to_nice_json }}"
-    dest: "{{ barbican_etc_directory }}/policy.json"
+- name: Implement policy.yaml if there are overrides configured
+  config_template:
+    content: "{{ barbican_policy_overrides }}"
+    dest: "{{ barbican_etc_directory }}/policy.yaml"
+    owner: "root"
+    group: "{{ barbican_system_group_name }}"
+    mode: "0640"
+    config_type: yaml
  when:
-    - barbican_policy_overrides != {}
-  notify:
-    - Restart barbican services
-    - Restart uwsgi services
+    - barbican_policy_overrides | length > 0
+  tags:
+    - barbican-policy-override
+
+- name: Remove legacy policy.yaml file
+  file:
+    path: "{{ barbican_etc_directory }}/policy.yaml"
+    state: absent
+  tags:
+    - barbican-policy-override
+  when:
+    - barbican_policy_overrides | length == 0

 - name: Copy user defined libraries
  when: barbican_user_libraries | length > 0