Unhardcode policy file and pass proper value to oslo-policy
PROD-33618
Change-Id: I652fa07b46508731219f5feb88057e4204cdeb07
diff --git a/barbican/files/queens/barbican.conf.Debian b/barbican/files/queens/barbican.conf.Debian
index 6c19844..8f30026 100644
--- a/barbican/files/queens/barbican.conf.Debian
+++ b/barbican/files/queens/barbican.conf.Debian
@@ -341,8 +341,8 @@
{%- include "oslo_templates/files/queens/oslo/_middleware.conf" %}
[oslo_policy]
-{%- if server.policy is defined %}
-{%- set _data = server.policy %}
+{%- if server.oslo_policy is defined %}
+{%- set _data = server.oslo_policy %}
{%- include "oslo_templates/files/queens/oslo/_policy.conf" %}
{%- endif %}
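Review bot: The pillar key read for the `[oslo_policy]` section changes from `server.policy` to `server.oslo_policy` with no comment in the template, while `server.policy` stays in use in `server.sls` as the mapping of individual rules, so the two similarly named keys are easy to confuse. A short Jinja comment above the `if`, such as `{#- server.oslo_policy: [oslo_policy] options (policy_file); server.policy: individual rules #}`, would record the split. Only the queens template is visible in this diff; if templates for other releases exist, they would presumably need the same key so that the configured `policy_file` matches the path the states manage.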
diff --git a/barbican/map.jinja b/barbican/map.jinja
index ceab199..b6856ce 100644
--- a/barbican/map.jinja
+++ b/barbican/map.jinja
@@ -19,6 +19,8 @@
log_handlers:
watchedfile:
enabled: true
+ oslo_policy:
+ policy_file: 'policy.json'
Debian:
pkgs:
- barbican-api
diff --git a/barbican/server.sls b/barbican/server.sls
index a840e4b..d79683b 100644
--- a/barbican/server.sls
+++ b/barbican/server.sls
@@ -57,11 +57,22 @@
- pkg: barbican_server_packages
- sls: barbican.db.offline_sync
+{%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata", "pike"] %}
+{#- Since Queens release `policy.json` is changed to `policy.yaml`. But default option in `oslo_policy` is `policy.json` #}
+/etc/barbican/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
+ file.managed:
+ - mode: 0640
+ - user: root
+ - group: barbican
+ - require:
+ - pkg: barbican_server_packages
+{%- endif %}
+
{%- for name, rule in server.get('policy', {}).items() %}
{%- if rule != None %}
barbican_keystone_rule_{{ name }}_present:
keystone_policy.rule_present:
- - path: /etc/barbican/policy.json
+ - path: /etc/barbican/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- name: {{ name }}
- rule: "{{ rule }}"
- require:
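Review bot: The managed path `/etc/barbican/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}` assumes `policy_file` is a bare file name, but oslo.policy also accepts an absolute path there. With such a pillar value, this state and both `keystone_policy` path lines (the second is in the next hunk) would manage a different file from the one the service reads. Resolving it once with `{%- set policy_file = server.get('oslo_policy', {}).get('policy_file', 'policy.json') %}`, handling a leading `/`, and reusing the result in all three places would keep the authorization policy path consistent. The mode is better written quoted, `- mode: '0640'`, so it does not depend on how the YAML loader treats a leading-zero integer. The `keystone_policy` states appear to require only the package, so a `- file:` requisite on the new state would make the ordering explicit; their require lists continue outside the hunk.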
@@ -69,7 +80,7 @@
{%- else %}
barbican_keystone_rule_{{ name }}_absent:
keystone_policy.rule_absent:
- - path: /etc/barbican/policy.json
+ - path: /etc/barbican/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- name: {{ name }}
- require:
- pkg: barbican_server_packages