From 6d49dbb48acc9ac853f820677ec1f62ff27f80f0 Mon Sep 17 00:00:00 2001 From: Dai Dang Van Date: Thu, 11 Jan 2018 10:39:36 +0700 Subject: [PATCH] Support policy.yaml file [part 8] - Horizon This will copy only yaml or json policy file if they exist. Change-Id: Ib8875ca54dc9dc69abc8338413f7724d9d4ecc45 Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang --- ansible/roles/horizon/tasks/config.yml | 73 ++++++++++--------- ansible/roles/horizon/tasks/policy_item.yml | 22 ++++++ .../roles/horizon/templates/horizon.json.j2 | 9 +-- tools/validate-all-file.py | 4 + 4 files changed, 67 insertions(+), 41 deletions(-) create mode 100644 ansible/roles/horizon/tasks/policy_item.yml diff --git a/ansible/roles/horizon/tasks/config.yml b/ansible/roles/horizon/tasks/config.yml index 92fdeea1c5..5d0b77c12e 100644 --- a/ansible/roles/horizon/tasks/config.yml +++ b/ansible/roles/horizon/tasks/config.yml @@ -12,6 +12,39 @@ - item.value.enabled | bool with_dict: "{{ horizon_services }}" +- set_fact: + custom_policy: [] + +- include: policy_item.yml + vars: + project_name: "{{ item.name }}" + when: item.enabled | bool + with_items: + - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" } + - { name: "cinder", enabled: "{{ enable_cinder }}" } + - { name: "congress", enabled: "{{ enable_congress }}" } + - { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" } + - { name: "designate", enabled: "{{ enable_horizon_designate }}" } + - { name: "freezer", enabled: "{{ enable_horizon_freezer }}" } + - { name: "glance", enabled: "{{ enable_glance }}" } + - { name: "heat", enabled: "{{ enable_heat }}" } + - { name: "ironic", enabled: "{{ enable_horizon_ironic }}" } + - { name: "keystone", enabled: "{{ enable_keystone }}" } + - { name: "karbor", enabled: "{{ enable_horizon_karbor }}" } + - { name: "magnum", enabled: "{{ enable_horizon_magnum }}" } + - { name: "manila", enabled: "{{ enable_horizon_manila }}" } + - { name: "mistral", enabled: "{{ enable_horizon_mistral }}" } + - { name: "murano", enabled: "{{ enable_horizon_murano }}" } + - { name: "neutron", enabled: "{{ enable_neutron }}" } + - { name: "nova", enabled: "{{ enable_nova }}" } + - { name: "sahara", enabled: "{{ enable_horizon_sahara }}" } + - { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" } + - { name: "senlin", enabled: "{{ enable_horizon_senlin }}" } + - { name: "solum", enabled: "{{ enable_horizon_solum }}" } + - { name: "tacker", enabled: "{{ enable_horizon_tacker }}" } + - { name: "trove", enabled: "{{ enable_horizon_trove }}" } + - { name: "watcher", enabled: "{{ enable_horizon_watcher }}" } + - name: Copying over config.json files for services become: true vars: @@ -65,51 +98,19 @@ notify: - Restart horizon container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/horizon/{{ item.name }}_policy.json" - run_once: True - register: custom_policy - when: item.enabled | bool - with_items: - - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" } - - { name: "cinder", enabled: "{{ enable_cinder }}" } - - { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" } - - { name: "designate", enabled: "{{ enable_horizon_designate }}" } - - { name: "freezer", enabled: "{{ enable_horizon_freezer }}" } - - { name: "glance", enabled: "{{ enable_glance }}" } - - { name: "heat", enabled: "{{ enable_heat }}" } - - { name: "ironic", enabled: "{{ enable_horizon_ironic }}" } - - { name: "keystone", enabled: "{{ enable_keystone }}" } - - { name: "karbor", enabled: "{{ enable_horizon_karbor }}" } - - { name: "magnum", enabled: "{{ enable_horizon_magnum }}" } - - { name: "manila", enabled: "{{ enable_horizon_manila }}" } - - { name: "mistral", enabled: "{{ enable_horizon_mistral }}" } - - { name: "murano", enabled: "{{ enable_horizon_murano }}" } - - { name: "neutron", enabled: "{{ enable_neutron }}" } - - { name: "nova", enabled: "{{ enable_nova }}" } - - { name: "sahara", enabled: "{{ enable_horizon_sahara }}" } - - { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" } - - { name: "senlin", enabled: "{{ enable_horizon_senlin }}" } - - { name: "solum", enabled: "{{ enable_horizon_solum }}" } - - { name: "tacker", enabled: "{{ enable_horizon_tacker }}" } - - { name: "trove", enabled: "{{ enable_horizon_trove }}" } - - { name: "watcher", enabled: "{{ enable_horizon_watcher }}" } - -- name: Copying over existing policy.json +- name: Copying over existing policy file become: true vars: horizon: "{{ horizon_services['horizon'] }}" template: - src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json" - dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json" + src: "{{ item }}" + dest: "{{ node_config_directory }}/horizon/{{ item | basename }}" mode: "0660" register: policy_jsons when: - horizon.enabled | bool - inventory_hostname in groups[horizon.group] - - item.item.enabled | bool - - item.stat.exists - with_items: "{{ custom_policy.results }}" + with_items: "{{ custom_policy }}" notify: - Restart horizon container diff --git a/ansible/roles/horizon/tasks/policy_item.yml b/ansible/roles/horizon/tasks/policy_item.yml new file mode 100644 index 0000000000..7e4e814be2 --- /dev/null +++ b/ansible/roles/horizon/tasks/policy_item.yml @@ -0,0 +1,22 @@ +--- + +# Update policy file name +- set_fact: + supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}" + +- name: Check if policies shall be overwritten + local_action: stat path="{{ fullpath }}" + run_once: True + register: overwritten_files + with_first_found: + - files: "{{ supported_policy_files }}" + paths: + - "{{ node_custom_config }}/horizon/" + skip: true + loop_control: + loop_var: fullpath + +- set_fact: + custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]" + when: + - overwritten_files.results diff --git a/ansible/roles/horizon/templates/horizon.json.j2 b/ansible/roles/horizon/templates/horizon.json.j2 index b50b0a0877..b565070761 100644 --- a/ansible/roles/horizon/templates/horizon.json.j2 +++ b/ansible/roles/horizon/templates/horizon.json.j2 @@ -36,13 +36,12 @@ "owner": "horizon", "perm": "0600" }, -{% for service, enabled in services if enabled | bool %} +{% for path in custom_policy %} { - "source": "{{ container_config_directory }}/{{ service }}_policy.json", - "dest": "/etc/openstack-dashboard/{{ service }}_policy.json", + "source": "{{ container_config_directory }}/{{ path | basename }}", + "dest": "/etc/openstack-dashboard/{{ path | basename }}", "owner": "horizon", - "perm": "0600", - "optional": true + "perm": "0600" }, {% endfor %} { diff --git a/tools/validate-all-file.py b/tools/validate-all-file.py index c1555466e5..f5a1207d0c 100755 --- a/tools/validate-all-file.py +++ b/tools/validate-all-file.py @@ -70,6 +70,9 @@ def check_json_j2(): def bool_filter(value): return True + def basename_filter(text): + return text.split('\\')[-1] + # Mock ansible hostvars variable, which is a nested dict def hostvars(): return collections.defaultdict(hostvars) @@ -82,6 +85,7 @@ def check_json_j2(): env = jinja2.Environment( # nosec: not used to render HTML loader=jinja2.FileSystemLoader(root)) env.filters['bool'] = bool_filter + env.filters['basename'] = basename_filter template = env.get_template(filename) # Mock ansible variables. context = {