#!/usr/bin/env python
'''
Management of policy.json
=========================

Merge user defined hash to policy.json
--------------------------------------

.. code-block:: yaml

    my_rule_present:
      keystone_policy.rule_present:
      - name: rule_name
      - rule: rule
      - path: /etc/keystone/policy.json

    my_rule_absent:
      keystone_policy.rule_absent:
      - name: rule_name
      - path: /etc/keystone/policy.json

'''
import logging

# Module-level logger, named after the module it is loaded as.
log = logging.getLogger(__name__)
def __virtual__():
    '''
    Report this state module as always available to the Salt loader.

    NOTE(review): returns True unconditionally, without checking that the
    ``keystone_policy`` execution functions used below are present in
    ``__salt__`` -- confirm that a missing execution module should surface
    only when a state runs.
    '''
    return True
def rule_present(name, rule, path, **kwargs):
    '''
    Ensure that policy rule ``name`` is set to ``rule`` in the policy file.

    The current value is read with ``keystone_policy.rule_get``. A missing
    rule is created and a differing rule is overwritten with
    ``keystone_policy.rule_set``. When ``test`` is set in ``__opts__`` the
    pending action is only reported (``result`` is ``None``) and nothing is
    written. A lookup result that contains an ``Error`` key fails the state
    without writing.

    :param name: Rule name
    :param rule: Rule; a falsy value is replaced by an empty string
    :param path: Path to policy file
    :param kwargs: forwarded unchanged to the ``keystone_policy`` calls
    :return: state result dict (``name``, ``changes``, ``result``, ``comment``)
    '''
    # NOTE(review): a rule that is None or otherwise falsy (for example an
    # unset pillar value) is written as "". oslo.policy evaluates an empty
    # rule as "always allowed", so confirm that callers never rely on this
    # default for a rule that is meant to restrict access.
    wanted = rule or ""
    ret = {
        'name': name,
        'changes': {},
        'result': True,
        'comment': 'Rule "{0}" already exists and is in correct state'.format(name),
    }
    current = __salt__['keystone_policy.rule_get'](name, path, **kwargs)

    # Rule not found: create it, or only announce the creation in test mode.
    if not current:
        if __opts__.get('test'):
            ret['result'] = None
            ret['comment'] = 'Rule {0} will be created'.format(name)
            return ret
        __salt__['keystone_policy.rule_set'](name, wanted, path, **kwargs)
        ret['comment'] = 'Rule {0} has been created'.format(name)
        ret['changes']['Rule'] = 'Rule %s: "%s" has been created' % (name, wanted)
        return ret

    # The lookup itself failed: report the error and leave the file alone.
    if 'Error' in current:
        ret['comment'] = current.get('Error')
        ret['result'] = False
        return ret

    # Rule exists with a different value: overwrite it, or announce it.
    if current[name] != wanted:
        if __opts__.get('test'):
            ret['result'] = None
            ret['comment'] = 'Rule %s will be changed' % (name,)
            return ret
        __salt__['keystone_policy.rule_set'](name, wanted, path, **kwargs)
        ret['comment'] = 'Rule %s has been changed' % (name,)
        ret['changes']['Old Rule'] = '%s: "%s"' % (name, current[name])
        ret['changes']['New Rule'] = '%s: "%s"' % (name, wanted)
    return ret
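def rule_absent(name, path, **kwargs):
    '''
    Ensure that policy rule ``name`` does not exist in the policy file.

    The current value is read with ``keystone_policy.rule_get``. An existing
    rule is removed with ``keystone_policy.rule_delete``. When ``test`` is
    set in ``__opts__`` the deletion is only reported (``result`` is
    ``None``). A lookup result that contains an ``Error`` key fails the
    state and nothing is deleted.

    :param name: Rule name
    :param path: Path to policy file
    :param kwargs: forwarded unchanged to the ``keystone_policy`` calls
    :return: state result dict (``name``, ``changes``, ``result``, ``comment``)
    '''
    ret = {'name': name,
           'changes': {},
           'result': True,
           'comment': 'Rule "{0}" is already absent'.format(name)}
    rule_check = __salt__['keystone_policy.rule_get'](name, path, **kwargs)
    if not rule_check:
        # Nothing found: the rule is already absent.
        return ret
    # An error result is a non-empty dict, so it has to be recognised before
    # the lookup is read as "rule exists". Checking it afterwards (as an
    # ``elif`` of the truthiness test) can never match, and a failed read of
    # the policy file would be handled as a rule to delete instead of being
    # reported as a failed state. Same check as in rule_present.
    if 'Error' in rule_check:
        ret['comment'] = rule_check.get('Error')
        ret['result'] = False
        return ret
    if __opts__.get('test'):
        ret['result'] = None
        ret['comment'] = 'Rule {0} will be deleted'.format(name)
    else:
        __salt__['keystone_policy.rule_delete'](name, path, **kwargs)
        ret['comment'] = 'Rule {0} has been deleted'.format(name)
        ret['changes']['Rule'] = 'Rule %s: "%s" has been deleted' % (name, rule_check[name])
    return ret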
def export_policy_grains(name, path, **kwargs):
    '''
    Export the policy rules read from ``path`` into grain ``name``.

    The rules come from ``keystone_policy.rule_list`` and are stored with
    ``grains.setval``. When ``test`` is set in ``__opts__`` the export is
    only reported (``result`` is ``None``) and the grain is not written.

    :param name: Grain name
    :param path: Path to policy file
    :param kwargs: forwarded unchanged to both ``keystone_policy.rule_list``
        and ``grains.setval``
    :return: state result dict (``name``, ``changes``, ``result``, ``comment``)
    '''
    ret = {
        'name': name,
        'changes': {},
        'result': True,
        'comment': 'No changes for grain %s' % name,
    }
    # NOTE(review): the meaning of the positional ``False`` is defined by
    # keystone_policy.rule_list, which is not part of this file -- confirm.
    # NOTE(review): unlike rule_present, the result is not checked for an
    # 'Error' key, so a failed read would presumably be stored in the grain
    # as if it were the rule set -- verify against rule_list.
    policy_rules = __salt__['keystone_policy.rule_list'](path, False, **kwargs)

    if not __opts__.get('test'):
        # The grain is rewritten on every run; the current grain value is
        # not compared first, so the state always reports a change here.
        # NOTE(review): the full rule set becomes grain data and is also
        # echoed in the state comment/changes -- confirm that is acceptable
        # wherever grains and state returns are readable.
        __salt__['grains.setval'](name, policy_rules, **kwargs)
        ret['comment'] = 'Rules have been exported to grain %s' % name
        ret['changes']['Rules'] = 'Rules have been exported: %s' % policy_rules
    else:
        ret['result'] = None
        ret['comment'] = 'Rules %s will be exported to grain %s' % (policy_rules, name)
    return ret
113 return ret