policy.json: Allow one to manage them from the puppet module

This commit allow a deployer to manage the policies via this module It relies on augeas to change only the policy needed. The init takes a hash of policies and apply them. Change-Id: If41f08571577bb799a373202dc58c2577bbe7f74
2014-09-26 19:09:22 -04:00 · 2014-09-26 19:09:22 -04:00 · 92d5df6f65
parent 0e6d7eacec
commit 92d5df6f65
8 changed files with 80 additions and 0 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -22,10 +22,13 @@ class heat::api (

  include heat
  include heat::params
+  include heat::policy

  Heat_config<||> ~> Service['heat-api']
+  Class['heat::policy'] -> Service['heat-api']

  Package['heat-api'] -> Heat_config<||>
+  Package['heat-api'] -> Class['heat::policy']
  Package['heat-api'] -> Service['heat-api']

  if $use_ssl {
--- a/manifests/api_cfn.pp
+++ b/manifests/api_cfn.pp
@ -22,10 +22,13 @@ class heat::api_cfn (

  include heat
  include heat::params
+  include heat::policy

  Heat_config<||> ~> Service['heat-api-cfn']
+  Class['heat::policy'] -> Service['heat-api-cfn']

  Package['heat-api-cfn'] -> Heat_config<||>
+  Package['heat-api-cfn'] -> Class['heat::policy']
  Package['heat-api-cfn'] -> Service['heat-api-cfn']

  if $use_ssl {
--- a/manifests/api_cloudwatch.pp
+++ b/manifests/api_cloudwatch.pp
@ -22,10 +22,13 @@ class heat::api_cloudwatch (

  include heat
  include heat::params
+  include heat::policy

  Heat_config<||> ~> Service['heat-api-cloudwatch']
+  Class['heat::policy'] -> Service['heat-api-cloudwatch']

  Package['heat-api-cloudwatch'] -> Heat_config<||>
+  Package['heat-api-cloudwatch'] -> Class['heat::policy']
  Package['heat-api-cloudwatch'] -> Service['heat-api-cloudwatch']

  if $use_ssl {
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -0,0 +1,28 @@
+# == Class: heat::policy
+#
+# Configure the heat policies
+#
+# === Parameters
+#
+# [*policies*]
+#   (optional) Set of policies to configure for heat
+#   Example : { 'heat-context_is_admin' => {'context_is_admin' => 'true'}, 'heat-default' => {'default' => 'rule:admin_or_owner'} }
+#   Defaults to empty hash.
+#
+# [*policy_path*]
+#   (optional) Path to the heat policy.json file
+#   Defaults to /etc/heat/policy.json
+#
+class heat::policy (
+  $policies    = {},
+  $policy_path = '/etc/heat/policy.json',
+) {
+
+  Openstacklib::Policy::Base {
+    file_path => $policy_path,
+  }
+  class { 'openstacklib::policy' :
+    policies => $policies,
+  }
+
+}
--- a/spec/classes/heat_api_cfn_spec.rb
+++ b/spec/classes/heat_api_cfn_spec.rb
@ -16,6 +16,7 @@ describe 'heat::api_cfn' do

      it { should contain_class('heat') }
      it { should contain_class('heat::params') }
+      it { should contain_class('heat::policy') }

      it { should contain_heat_config('heat_api_cfn/bind_host').with_value( params[:bind_host] ) }
      it { should contain_heat_config('heat_api_cfn/bind_port').with_value( params[:bind_port] ) }
--- a/spec/classes/heat_api_cloudwatch_spec.rb
+++ b/spec/classes/heat_api_cloudwatch_spec.rb
@ -16,6 +16,7 @@ describe 'heat::api_cloudwatch' do

      it { should contain_class('heat') }
      it { should contain_class('heat::params') }
+      it { should contain_class('heat::policy') }

      it { should contain_heat_config('heat_api_cloudwatch/bind_host').with_value( params[:bind_host] ) }
      it { should contain_heat_config('heat_api_cloudwatch/bind_port').with_value( params[:bind_port] ) }
--- a/spec/classes/heat_api_spec.rb
+++ b/spec/classes/heat_api_spec.rb
@ -16,6 +16,7 @@ describe 'heat::api' do

      it { should contain_class('heat') }
      it { should contain_class('heat::params') }
+      it { should contain_class('heat::policy') }

      it { should contain_heat_config('heat_api/bind_host').with_value( params[:bind_host] ) }
      it { should contain_heat_config('heat_api/bind_port').with_value( params[:bind_port] ) }
--- a/spec/classes/heat_policy_spec.rb
+++ b/spec/classes/heat_policy_spec.rb
@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe 'heat::policy' do
+
+  shared_examples_for 'heat policies' do
+    let :params do
+      {
+        :policy_path => '/etc/heat/policy.json',
+        :policies    => {
+          'context_is_admin' => {
+            'key'   => 'context_is_admin',
+            'value' => 'foo:bar'
+          }
+        }
+      }
+    end
+
+    it 'set up the policies' do
+      should contain_class('openstacklib::policy').with({
+        :policies => params[:policies]
+      })
+    end
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily => 'Debian' }
+    end
+
+    it_configures 'heat policies'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat' }
+    end
+
+    it_configures 'heat policies'
+  end
+end