Remove legacy policy.json file

If there is no policy override configured, but a policy.json file is present, then it's likely left over from a previous build. To ensure that we do not carry legacy configuration files which override the policy-in-code we remove the legacy file. This is done on restart to ensure that the policy still applies until the code is updated. Change-Id: I7faade8b736e9722e986909dd688b628d2cc65e0
2019-01-11 14:46:33 +00:00 · 2019-01-11 14:46:33 +00:00 · 534c092e16
parent e741ee9ec4
commit 534c092e16
1 changed files with 9 additions and 0 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -21,3 +21,12 @@
  with_items: "{{ filtered_barbican_services }}"
  listen:
    - "venv changed"
+
+- name: Remove legacy policy.json file
+  file:
+    path: "/etc/barbican/policy.json"
+    state: absent
+  when:
+    - barbican_policy_overrides == {}
+  listen:
+    - Restart barbican services