Unhardocde policy file and pass proper value to oslo-policy
PROD-33618
Change-Id: Ia08a48880991e020cf6562745b42176ef76e63c7
diff --git a/heat/files/queens/heat.conf.Debian b/heat/files/queens/heat.conf.Debian
index f28c898..2e14675 100644
--- a/heat/files/queens/heat.conf.Debian
+++ b/heat/files/queens/heat.conf.Debian
@@ -1336,8 +1336,8 @@
{%- include "oslo_templates/files/queens/oslo/_database.conf" %}
[oslo_policy]
-{%- if server.policy is defined %}
-{%- set _data = server.policy %}
+{%- if server.oslo_policy is defined %}
+{%- set _data = server.oslo_policy %}
{%- include "oslo_templates/files/queens/oslo/_policy.conf" %}
{%- endif %}
diff --git a/heat/map.jinja b/heat/map.jinja
index 7da9bdb..351839f 100644
--- a/heat/map.jinja
+++ b/heat/map.jinja
@@ -12,6 +12,9 @@
'services': ['heat-api', 'heat-api-cfn', 'heat-engine'],
'notification': False,
'cors': {},
+ 'oslo_policy': {
+ 'policy_file': 'policy.json'
+ },
'clients': {},
'message_queue': {
'rpc_response_timeout': 600
@@ -33,6 +36,9 @@
'services': ['openstack-heat-api', 'openstack-heat-api-cfn', 'openstack-heat-api-cloudwatch', 'openstack-heat-engine'],
'notification': False,
'cors': {},
+ 'oslo_policy': {
+ 'policy_file': 'policy.json'
+ },
'clients': {},
'message_queue': {
'rpc_response_timeout': 600
diff --git a/heat/server.sls b/heat/server.sls
index 27763c0..402e0f6 100644
--- a/heat/server.sls
+++ b/heat/server.sls
@@ -113,12 +113,23 @@
{% endif %}
+{%- if server.version not in ["juno", "kilo", "liberty", "mitaka", "newton", "ocata", "pike"] %}
+{#- Since Queens release `policy.json` is changed to `policy.yaml`. But default option in `oslo_policy` is `policy.json` #}
+/etc/heat/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
+ file.managed:
+ - mode: 0640
+ - user: root
+ - group: heat
+ - require:
+ - pkg: heat_server_packages
+{%- endif %}
+
{%- for name, rule in server.get('policy', {}).iteritems() %}
{%- if rule != None %}
heat_keystone_rule_{{ name }}_present:
keystone_policy.rule_present:
- - path: /etc/heat/policy.json
+ - path: /etc/heat/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- name: {{ name }}
- rule: {{ rule }}
- require:
@@ -128,7 +139,7 @@
heat_keystone_rule_{{ name }}_absent:
keystone_policy.rule_absent:
- - path: /etc/heat/policy.json
+ - path: /etc/heat/{{ server.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- name: {{ name }}
- require:
- pkg: heat_server_packages