From 4308645975159fa71d4e85abf56ff9e13d97ed5b Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Wed, 10 Jan 2018 14:11:25 -0800
Subject: [PATCH] Add group to policy management

The move of policy.json into code means the file may not exist. We've
added support to ensure that the file exists in the openstacklib but we
need to make sure the permissions are right for each service. This adds
the group information to the policies so it works right.

Depends-On: I26e8b1384f4f69712da9d06a4c565dfd1f17c9ed
Change-Id: Idb0125811d7cd4b2e5288282649b9668f5711419
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
---
 manifests/params.pp                |  1 +
 manifests/policy.pp                |  5 ++++-
 spec/classes/tacker_policy_spec.rb | 13 ++++++++-----
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 5124c64..49d48d0 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -2,6 +2,7 @@
 #
 class tacker::params {
   include ::openstacklib::defaults
+  $group = 'tacker'
 
   $client_package_name = 'python-tackerclient'
   case $::osfamily {
diff --git a/manifests/policy.pp b/manifests/policy.pp
index 949f13b..3e77fe5 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -29,11 +29,14 @@ class tacker::policy (
 ) {
 
   include ::tacker::deps
+  include ::tacker::params
 
   validate_hash($policies)
 
   Openstacklib::Policy::Base {
-    file_path => $policy_path,
+    file_path  => $policy_path,
+    file_user  => 'root',
+    file_group => $::tacker::params::group,
   }
 
   create_resources('openstacklib::policy::base', $policies)
diff --git a/spec/classes/tacker_policy_spec.rb b/spec/classes/tacker_policy_spec.rb
index 906f5a4..c08d988 100644
--- a/spec/classes/tacker_policy_spec.rb
+++ b/spec/classes/tacker_policy_spec.rb
@@ -1,7 +1,8 @@
 require 'spec_helper'
 
 describe 'tacker::policy' do
-  shared_examples_for 'tacker-policies' do
+
+  shared_examples_for 'tacker policies' do
     let :params do
       {
         :policy_path => '/etc/tacker/policy.json',
@@ -16,8 +17,10 @@ describe 'tacker::policy' do
 
     it 'set up the policies' do
       is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key   => 'context_is_admin',
-        :value => 'foo:bar'
+        :key        => 'context_is_admin',
+        :value      => 'foo:bar',
+        :file_user  => 'root',
+        :file_group => 'tacker',
       })
       is_expected.to contain_oslo__policy('tacker_config').with(
         :policy_file => '/etc/tacker/policy.json',
@@ -26,14 +29,14 @@ describe 'tacker::policy' do
   end
 
   on_supported_os({
-    :supported_os => OSDefaults.get_supported_os
+    :supported_os   => OSDefaults.get_supported_os
   }).each do |os,facts|
     context "on #{os}" do
       let (:facts) do
         facts.merge!(OSDefaults.get_facts())
       end
 
-      it_behaves_like 'tacker-policies'
+      it_configures 'tacker policies'
     end
   end
 end