#!/usr/bin/env python
'''
Management of policy.json
=========================

Salt states that keep a single named rule of a Keystone ``policy.json``
file present or absent. Both states delegate to the ``keystone_policy``
execution module (``rule_get``, ``rule_set``, ``rule_delete``).

The policy file holds access-control rules, so a change applied through
these states is an authorization change: review the rule text in the SLS
as carefully as any other permission grant.

Merge user defined hash to policy.json
--------------------------------------

.. code-block:: yaml

    my_rule_present:
      keystone_policy.rule_present:
      - name: rule_name
      - rule: rule
      - path: /etc/keystone/policy.json

    my_rule_absent:
      keystone_policy.rule_absent:
      - name: rule_name
      - path: /etc/keystone/policy.json

'''
import logging

# Module-level logger named after this module.
log = logging.getLogger(__name__)
def __virtual__():
    '''
    Always report this state module as loadable.

    NOTE(review): no check is made that the ``keystone_policy`` execution
    functions used by the states below are actually available; if they are
    missing the states would fail at call time rather than at load time.
    '''
    return True
def rule_present(name, rule, path, **kwargs):
    '''
    Make sure the policy file defines ``name`` with the value ``rule``.

    The current value is read with ``keystone_policy.rule_get``. A missing
    rule is created, a differing rule is overwritten, and a lookup that
    returns an ``Error`` entry turns into a failed state without writing.

    :param name: Rule name
    :param rule: Rule text; a falsy value is stored as an empty string
    :param path: Path to policy file
    :param kwargs: Passed through unchanged to the execution functions
    :return: State result dict with ``name``, ``changes``, ``result``
             and ``comment``
    '''
    rule = rule or ""
    state = {
        'name': name,
        'changes': {},
        'result': True,
        'comment': 'Rule "{0}" already exists and is in correct state'.format(name),
    }
    current = __salt__['keystone_policy.rule_get'](name, path, **kwargs)

    # NOTE(review): the value returned by keystone_policy.rule_set is not
    # inspected below. If that function reports failures through its return
    # value (not visible in this file), a failed write to the policy file
    # would still be reported as a successful change -- confirm.

    # Nothing stored yet under this name: create the rule.
    if not current:
        __salt__['keystone_policy.rule_set'](name, rule, path, **kwargs)
        state['comment'] = 'Rule {0} has been created'.format(name)
        state['changes']['Rule'] = 'Rule %s: "%s" has been created' % (name, rule)
        return state

    # The lookup itself failed: surface its message and leave the file alone.
    if 'Error' in current:
        state['comment'] = current.get('Error')
        state['result'] = False
        return state

    # The rule exists but with another value: overwrite and record both.
    existing = current[name]
    if existing != rule:
        __salt__['keystone_policy.rule_set'](name, rule, path, **kwargs)
        state['comment'] = 'Rule %s has been changed' % (name,)
        state['changes']['Old Rule'] = '%s: "%s"' % (name, existing)
        state['changes']['New Rule'] = '%s: "%s"' % (name, rule)

    return state
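def rule_absent(name, path, **kwargs):
    '''
    Ensures that the policy rule does not exist

    The current value is read with ``keystone_policy.rule_get``. If the
    lookup returns an ``Error`` entry the state fails and nothing is
    deleted; if the rule is found it is removed with
    ``keystone_policy.rule_delete``.

    :param name: Rule name
    :param path: Path to policy file
    :param kwargs: Passed through unchanged to the execution functions
    :return: State result dict with ``name``, ``changes``, ``result``
             and ``comment``
    '''
    ret = {'name': name,
           'changes': {},
           'result': True,
           'comment': 'Rule "{0}" is already absent'.format(name)}
    rule_check = __salt__['keystone_policy.rule_get'](name, path, **kwargs)

    # Empty lookup result: the rule is not there, nothing to do.
    if not rule_check:
        return ret

    # The error case has to be tested before the deletion branch. A dict
    # holding an 'Error' entry is truthy, so testing plain truthiness first
    # would issue a delete on a file that could not be read and then fail on
    # rule_check[name] instead of reporting the error.
    if 'Error' in rule_check:
        ret['comment'] = rule_check.get('Error')
        ret['result'] = False
        return ret

    __salt__['keystone_policy.rule_delete'](name, path, **kwargs)
    ret['comment'] = 'Rule {0} has been deleted'.format(name)
    ret['changes']['Rule'] = 'Rule %s: "%s" has been deleted' % (name, rule_check[name])
    return ret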