From 97955ecb7858afbffd64d37425968905b956cf46 Mon Sep 17 00:00:00 2001
From: Andy McCrae <andy.mccrae@googlemail.com>
Date: Fri, 2 May 2014 13:07:06 +0100
Subject: [PATCH] Allow policy.json file to be specified

The policy.json file was removed in e5beee63c16ceb3499aaee513d368104684f0412
this will allow you to specify an attribute to point to a location of a
policy.json file to be used.

By default this is nil and the packaged policy.json file will be used,
but if required this can be overridden.

Change-Id: Ic3a1b0c507be627acbee1c74302997fa66a72e4b
Implements: blueprint remote-policy
---
 attributes/default.rb |  3 +++
 recipes/api.rb        | 10 ++++++++++
 spec/api_spec.rb      | 17 +++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/attributes/default.rb b/attributes/default.rb
index 1815fb7..b7fbc48 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -37,6 +37,9 @@ default['openstack']['block-storage']['custom_template_banner'] = '
 default['openstack']['block-storage']['verbose'] = 'False'
 default['openstack']['block-storage']['debug'] = 'False'
 
+# Specify policy.json remote file to import
+default['openstack']['block-storage']['policyfile_url'] = nil
+
 # Default lock_path
 default['openstack']['block-storage']['lock_path'] = '/var/lock/cinder'
 # Default notification_driver and control exchange
diff --git a/recipes/api.rb b/recipes/api.rb
index 67237e4..ee48403 100644
--- a/recipes/api.rb
+++ b/recipes/api.rb
@@ -77,3 +77,13 @@ template '/etc/cinder/api-paste.ini' do
 
   notifies :restart, 'service[cinder-api]', :immediately
 end
+
+if node['openstack']['block-storage']['policyfile_url']
+  remote_file '/etc/cinder/policy.json' do
+    source node['openstack']['block-storage']['policyfile_url']
+    owner node['openstack']['block-storage']['user']
+    group node['openstack']['block-storage']['group']
+    mode 00644
+    notifies :restart, 'service[cinder-api]'
+  end
+end
diff --git a/spec/api_spec.rb b/spec/api_spec.rb
index f54326a..f205229 100644
--- a/spec/api_spec.rb
+++ b/spec/api_spec.rb
@@ -141,5 +141,22 @@ describe 'openstack-block-storage::api' do
         end
       end
     end
+
+    describe 'policy file' do
+      it 'does not manage policy file unless specified' do
+        expect(chef_run).not_to create_remote_file('/etc/cinder/policy.json')
+      end
+      describe 'policy file specified' do
+        before { node.set['openstack']['block-storage']['policyfile_url'] = 'http://server/mypolicy.json' }
+        let(:remote_policy) { chef_run.remote_file('/etc/cinder/policy.json') }
+
+        it 'manages policy file when remote file is specified' do
+          expect(chef_run).to create_remote_file('/etc/cinder/policy.json').with(
+            user: 'cinder',
+            group: 'cinder',
+            mode: 00644)
+        end
+      end
+    end
   end
 end