Policy.json should be defined by user
Users can override and add values to policy.json by creating a flat
key-value structure under cinder:controller:policy.
Change-Id: I1d58c632442cd1ffb19f2020ab9e5e63bea975a9
diff --git a/.kitchen.yml b/.kitchen.yml
index bf95612..be889a8 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -14,6 +14,10 @@
formula: cinder
grains:
noservices: True
+ dependencies:
+ - name: keystone
+ repo: git
+ source: https://github.com/salt-formulas/salt-formula-keystone
state_top:
base:
"*":
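Review bot: The keystone formula added under `dependencies` is cloned from the repository's default branch with no revision pinned, so each test run executes whatever is at the tip of that repository at the time. That presumably includes the `keystone_policy` state module that cinder/controller.sls starts calling in this same commit. If the provisioner in use lets a git dependency select a branch, tag or commit, pin it here; otherwise point `source` at a mirrored, reviewed revision so that runs are reproducible and a change upstream cannot silently alter what the tests execute.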
diff --git a/README.rst b/README.rst
index 3296d86..4cdd914 100644
--- a/README.rst
+++ b/README.rst
@@ -168,6 +168,18 @@
wipe_method: shred
...
+Configuration of policy.json file
+
+.. code-block:: yaml
+
+ cinder:
+ controller:
+ ....
+ policy:
+ 'volume:delete': 'rule:admin_or_owner'
+ # Add key without value to remove line from policy.json
+ 'volume:extend':
+
Default Cinder setup with iSCSI target
diff --git a/cinder/controller.sls b/cinder/controller.sls
index a50a3ca..759c108 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -22,6 +22,30 @@
- require:
- pkg: cinder_controller_packages
+{%- for name, rule in controller.get('policy', {}).iteritems() %}
+
+{%- if rule != None %}
+rule_{{ name }}_present:
+ keystone_policy.rule_present:
+ - path: /etc/cinder/policy.json
+ - name: {{ name }}
+ - rule: {{ rule }}
+ - require:
+ - pkg: cinder_controller_packages
+
+{%- else %}
+
+rule_{{ name }}_absent:
+ keystone_policy.rule_absent:
+ - path: /etc/cinder/policy.json
+ - name: {{ name }}
+ - require:
+ - pkg: cinder_controller_packages
+
+{%- endif %}
+
+{%- endfor %}
+
{%- if controller.version == 'ocata' %}
/etc/apache2/conf-available/cinder-wsgi.conf:
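Review bot: `{{ name }}` and `{{ rule }}` are interpolated unquoted into the rendered YAML in both the `rule_present` and `rule_absent` states, so each pillar value is parsed a second time by YAML and can change meaning before it reaches /etc/cinder/policy.json. An empty-string rule renders as a bare `- rule:` (null), and a rule that begins with a YAML indicator such as `!` or `@`, or that contains `: ` or ` #`, is either rejected by the parser or not passed through literally; for a file that decides authorization, the value should arrive verbatim. Quote at render time, for example `- name: {{ name|yaml_dquote }}` and `- rule: {{ rule|yaml_dquote }}`. Separately, `.iteritems()` exists only on Python 2 dicts, whereas `.items()` works on both interpreters. The loop is fully visible here, but the state file around it continues outside the hunk.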
@@ -158,4 +182,4 @@
{%- endif %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}
diff --git a/metadata.yml b/metadata.yml
index a16c24e..3a8709d 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,6 @@
name: "cinder"
version: "2016.4.1"
source: "https://github.com/salt-formulas/salt-formula-cinder"
+dependencies:
+ - name: keystone
+ source: "https://github.com/salt-formulas/salt-formula-keystone"
diff --git a/tests/pillar/ceph_single.sls b/tests/pillar/ceph_single.sls
index 79838a2..d996ad2 100644
--- a/tests/pillar/ceph_single.sls
+++ b/tests/pillar/ceph_single.sls
@@ -40,6 +40,9 @@
name: cinder
user: cinder
password: pwd
+ policy:
+ 'volume:delete': 'rule:admin_or_owner'
+ 'volume:extend':
volume:
enabled: true
version: liberty
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 62bb44b..4ab6e8e 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -51,3 +51,6 @@
audit:
filter_factory: 'keystonemiddleware.audit:filter_factory'
map_file: '/etc/pycadf/cinder_api_audit_map.conf'
+ policy:
+ 'volume:delete': 'rule:admin_or_owner'
+ 'volume:extend':
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index ef2136a..ac8db5a 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -36,3 +36,6 @@
port: 22
user: username
password: pass
+ policy:
+ 'volume:delete': 'rule:admin_or_owner'
+ 'volume:extend':