Unhardocde policy file path
PROD-33618
Change-Id: Idc043ccdf018c40daf9d6c7e2023dac5d7990cb7
diff --git a/glance/map.jinja b/glance/map.jinja
index 2d82750..8ee8c95 100644
--- a/glance/map.jinja
+++ b/glance/map.jinja
@@ -21,7 +21,7 @@
'default_notification_exchange': 'glance'
},
'oslo_policy': {
- 'policy_file': '/etc/glance/policy.json'
+ 'policy_file': 'policy.json'
},
'logging': {
'app_name': 'glance',
@@ -62,7 +62,7 @@
'default_notification_exchange': 'glance'
},
'oslo_policy': {
- 'policy_file': '/etc/glance/policy.json'
+ 'policy_file': 'policy.json'
},
'logging': {
'app_name': 'glance',
diff --git a/glance/server.sls b/glance/server.sls
index 27ceeb2..cb2de00 100644
--- a/glance/server.sls
+++ b/glance/server.sls
@@ -394,12 +394,23 @@
- service: glance_services
{%- endif %}
+{%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata", "pike"] %}
+{#- Since Queens release `policy.json` is changed to `policy.yaml`. But default option in `oslo_policy` is `policy.json` #}
+/etc/glance/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
+ file.managed:
+ - mode: 0640
+ - user: root
+ - group: glance
+ - require:
+ - pkg: glance_packages
+{%- endif %}
+
{%- for name, rule in server.get('policy', {}).items() %}
{%- if rule != None %}
glance_keystone_rule_{{ name }}_present:
keystone_policy.rule_present:
- - path: /etc/glance/policy.json
+ - path: /etc/glance/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- name: {{ name }}
- rule: {{ rule }}
- require:
@@ -409,7 +420,7 @@
glance_keystone_rule_{{ name }}_absent:
keystone_policy.rule_absent:
- - path: /etc/glance/policy.json
+ - path: /etc/glance/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- name: {{ name }}
- require:
- pkg: glance_packages