Add keystone_policy.export_policy_grains state
- Allows expoting policy rules from file to grains
Related: PROD-34126
Change-Id: I4ac488aa740e97e479e29991d991f7bb8b8e349e
diff --git a/_modules/keystone_policy.py b/_modules/keystone_policy.py
index f3cf8ee..9c4a5ef 100644
--- a/_modules/keystone_policy.py
+++ b/_modules/keystone_policy.py
@@ -58,10 +58,13 @@
return True
-def rule_list(path, **kwargs):
+def rule_list(path, ordered_dict = True, **kwargs):
try:
with io.open(path, 'r') as file_handle:
- rules = yaml.load(file_handle, OrderedDictYAMLLoader) or OrderedDict()
+ if ordered_dict:
+ rules = yaml.load(file_handle, OrderedDictYAMLLoader) or OrderedDict()
+ else:
+ rules = yaml.safe_load(file_handle) or {}
except Exception as e:
msg = "Unable to load policy file %s: %s" % (path, repr(e))
LOG.debug(msg)
diff --git a/_states/keystone_policy.py b/_states/keystone_policy.py
index a97640d..4028932 100644
--- a/_states/keystone_policy.py
+++ b/_states/keystone_policy.py
@@ -91,3 +91,23 @@
ret['result'] = False
return ret
+def export_policy_grains(name, path, **kwargs):
+ '''
+ Export policy rules from file to grains
+
+ :param name: Grain name
+ :param path: Path to policy file
+ '''
+ ret = {'name': name,
+ 'changes': {},
+ 'result': True,
+ 'comment': 'No changes for grain %s' % (name)}
+ rules = __salt__['keystone_policy.rule_list'](path, False, **kwargs)
+ if __opts__.get('test'):
+ ret['result'] = None
+ ret['comment'] = 'Rules %s will be exported to grain %s' % (rules, name)
+ else:
+ __salt__['grains.setval'](name, rules, **kwargs)
+ ret['comment'] = 'Rules have been exported to grain %s' %(name)
+ ret['changes']['Rules'] = 'Rules have been exported: %s' % (rules)
+ return ret