 2a5c089b21
			
		
	
	2a5c089b21
	
	
	
		
			
			Import the parameter types from openstacklib::policy so that parameter types are validated at module level, instead of internal resource call. Also remove the tag which is no longer necessary after dependency refactoring. Change-Id: I6b21b74284d5ee94a655e4218314c3523472af16 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
		
			
				
	
	
		
			84 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
			
		
		
	
	
			84 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
| # == Class: mistral::policy
 | |
| #
 | |
| # Configure the mistral policies
 | |
| #
 | |
| # === Parameters
 | |
| #
 | |
| # [*enforce_scope*]
 | |
| #  (Optional) Whether or not to enforce scope when evaluating policies.
 | |
| #  Defaults to $facts['os_service_default'].
 | |
| #
 | |
| # [*enforce_new_defaults*]
 | |
| #  (Optional) Whether or not to use old deprecated defaults when evaluating
 | |
| #  policies.
 | |
| #  Defaults to $facts['os_service_default'].
 | |
| #
 | |
| # [*policies*]
 | |
| #   (Optional) Set of policies to configure for mistral
 | |
| #   Example :
 | |
| #     {
 | |
| #       'mistral-context_is_admin' => {
 | |
| #         'key' => 'context_is_admin',
 | |
| #         'value' => 'true'
 | |
| #       },
 | |
| #       'mistral-default' => {
 | |
| #         'key' => 'default',
 | |
| #         'value' => 'rule:admin_or_owner'
 | |
| #       }
 | |
| #     }
 | |
| #   Defaults to empty hash.
 | |
| #
 | |
| # [*policy_path*]
 | |
| #   (Optional) Path to the mistral policy.yaml file
 | |
| #   Defaults to /etc/mistral/policy.yaml
 | |
| #
 | |
| # [*policy_default_rule*]
 | |
| #   (Optional) Default rule. Enforced when a requested rule is not found.
 | |
| #   Defaults to $facts['os_service_default'].
 | |
| #
 | |
| # [*policy_dirs*]
 | |
| #   (Optional) Path to the mistral policy folder
 | |
| #   Defaults to $facts['os_service_default']
 | |
| #
 | |
| # [*purge_config*]
 | |
| #   (optional) Whether to set only the specified policy rules in the policy
 | |
| #    file.
 | |
| #    Defaults to false.
 | |
| #
 | |
| class mistral::policy (
 | |
|   $enforce_scope                    = $facts['os_service_default'],
 | |
|   $enforce_new_defaults             = $facts['os_service_default'],
 | |
|   Openstacklib::Policies $policies  = {},
 | |
|   Stdlib::Absolutepath $policy_path = '/etc/mistral/policy.yaml',
 | |
|   $policy_default_rule              = $facts['os_service_default'],
 | |
|   $policy_dirs                      = $facts['os_service_default'],
 | |
|   Boolean $purge_config             = false,
 | |
| ) {
 | |
|   include mistral::deps
 | |
|   include mistral::params
 | |
| 
 | |
|   $policy_parameters = {
 | |
|     policies     => $policies,
 | |
|     policy_path  => $policy_path,
 | |
|     file_user    => 'root',
 | |
|     file_group   => $mistral::params::group,
 | |
|     file_format  => 'yaml',
 | |
|     purge_config => $purge_config,
 | |
|   }
 | |
| 
 | |
|   create_resources('openstacklib::policy', { $policy_path => $policy_parameters })
 | |
| 
 | |
|   # policy config should occur in the config block also.
 | |
|   Anchor['mistral::config::begin']
 | |
|   -> Openstacklib::Policy[$policy_path]
 | |
|   -> Anchor['mistral::config::end']
 | |
| 
 | |
|   oslo::policy { 'mistral_config':
 | |
|     enforce_scope        => $enforce_scope,
 | |
|     enforce_new_defaults => $enforce_new_defaults,
 | |
|     policy_file          => $policy_path,
 | |
|     policy_default_rule  => $policy_default_rule,
 | |
|     policy_dirs          => $policy_dirs,
 | |
|   }
 | |
| }
 |