openstack/kolla-ansible
Code Issues Proposed changes

Merge "Support policy.yaml file [part 8]"

Browse Source
This commit is contained in:
Zuul 2018-01-24 14:07:54 +00:00 committed by Gerrit Code Review
commit 3318cbd19b
4 changed files with 67 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
ansible/roles/horizon/tasks/config.yml
View File

@ -12,6 +12,39 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ horizon_services }}" with_dict: "{{ horizon_services }}"
- set_fact:
custom_policy: []
- include: policy_item.yml
vars:
project_name: "{{ item.name }}"
when: item.enabled | bool
with_items:
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "congress", enabled: "{{ enable_congress }}" }
- { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
- { name: "designate", enabled: "{{ enable_horizon_designate }}" }
- { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "heat", enabled: "{{ enable_heat }}" }
- { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
- { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
- { name: "neutron", enabled: "{{ enable_neutron }}" }
- { name: "nova", enabled: "{{ enable_nova }}" }
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
- { name: "solum", enabled: "{{ enable_horizon_solum }}" }
- { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
- { name: "trove", enabled: "{{ enable_horizon_trove }}" }
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true
vars: vars:
@ -65,51 +98,19 @@
notify: notify:
- Restart horizon container - Restart horizon container
- name: Check if policies shall be overwritten - name: Copying over existing policy file
local_action: stat path="{{ node_custom_config }}/horizon/{{ item.name }}_policy.json"
run_once: True
register: custom_policy
when: item.enabled | bool
with_items:
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
- { name: "designate", enabled: "{{ enable_horizon_designate }}" }
- { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "heat", enabled: "{{ enable_heat }}" }
- { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
- { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
- { name: "neutron", enabled: "{{ enable_neutron }}" }
- { name: "nova", enabled: "{{ enable_nova }}" }
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
- { name: "solum", enabled: "{{ enable_horizon_solum }}" }
- { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
- { name: "trove", enabled: "{{ enable_horizon_trove }}" }
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
- name: Copying over existing policy.json
become: true become: true
vars: vars:
horizon: "{{ horizon_services['horizon'] }}" horizon: "{{ horizon_services['horizon'] }}"
template: template:
src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json" src: "{{ item }}"
dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json" dest: "{{ node_config_directory }}/horizon/{{ item | basename }}"
mode: "0660" mode: "0660"
register: policy_jsons register: policy_jsons
when: when:
- horizon.enabled | bool - horizon.enabled | bool
- inventory_hostname in groups[horizon.group] - inventory_hostname in groups[horizon.group]
- item.item.enabled | bool with_items: "{{ custom_policy }}"
- item.stat.exists
with_items: "{{ custom_policy.results }}"
notify: notify:
- Restart horizon container - Restart horizon container

22
ansible/roles/horizon/tasks/policy_item.yml Normal file
View File

@ -0,0 +1,22 @@
---
# Update policy file name
- set_fact:
supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ fullpath }}"
run_once: True
register: overwritten_files
with_first_found:
- files: "{{ supported_policy_files }}"
paths:
- "{{ node_custom_config }}/horizon/"
skip: true
loop_control:
loop_var: fullpath
- set_fact:
custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]"
when:
- overwritten_files.results

9
ansible/roles/horizon/templates/horizon.json.j2
View File

@ -36,13 +36,12 @@
"owner": "horizon", "owner": "horizon",
"perm": "0600" "perm": "0600"
}, },
{% for service, enabled in services if enabled | bool %} {% for path in custom_policy %}
{ {
"source": "{{ container_config_directory }}/{{ service }}_policy.json", "source": "{{ container_config_directory }}/{{ path | basename }}",
"dest": "/etc/openstack-dashboard/{{ service }}_policy.json", "dest": "/etc/openstack-dashboard/{{ path | basename }}",
"owner": "horizon", "owner": "horizon",
"perm": "0600", "perm": "0600"
"optional": true
}, },
{% endfor %} {% endfor %}
{ {

4
tools/validate-all-file.py
View File

@ -70,6 +70,9 @@ def check_json_j2():
def bool_filter(value): def bool_filter(value):
return True return True
def basename_filter(text):
return text.split('\\')[-1]
# Mock ansible hostvars variable, which is a nested dict # Mock ansible hostvars variable, which is a nested dict
def hostvars(): def hostvars():
return collections.defaultdict(hostvars) return collections.defaultdict(hostvars)
@ -82,6 +85,7 @@ def check_json_j2():
env = jinja2.Environment( # nosec: not used to render HTML env = jinja2.Environment( # nosec: not used to render HTML
loader=jinja2.FileSystemLoader(root)) loader=jinja2.FileSystemLoader(root))
env.filters['bool'] = bool_filter env.filters['bool'] = bool_filter
env.filters['basename'] = basename_filter
template = env.get_template(filename) template = env.get_template(filename)
# Mock ansible variables. # Mock ansible variables.
context = { context = {