Merge "Update cinder policy management"
diff --git a/README.rst b/README.rst
index 3261f4e..6b33e7a 100644
--- a/README.rst
+++ b/README.rst
@@ -1029,6 +1029,21 @@
use_default_quota_class: true
per_volume_size_limit: 100
+
+Change default service policy configuration:
+============================================
+
+.. code-block:: yaml
+
+ cinder:
+ controller:
+ policy:
+ context_is_admin: 'role:admin'
+ admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
+ # Add key without value to remove line from policy.json
+ volume:create:
+
+
Upgrades
========
diff --git a/cinder/controller.sls b/cinder/controller.sls
index 01b73df..a808ca7 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -181,8 +181,7 @@
{% endif %}
-{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata", "pike"] %}
-{#- Since Queens release `policy.json` is changed to `policy.yaml`. But default option in `oslo_policy` is `policy.json` #}
+{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
/etc/cinder/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
file.managed:
- mode: 0640
@@ -202,6 +201,9 @@
- rule: {{ rule }}
- require:
- pkg: cinder_controller_packages
+ {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
+ - file: /etc/cinder/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
+ {%- endif %}
{%- else %}
@@ -211,6 +213,9 @@
- name: {{ name }}
- require:
- pkg: cinder_controller_packages
+ {%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata"] %}
+ - file: /etc/cinder/{{ controller.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
+ {%- endif %}
{%- endif %}