From 6d49dbb48acc9ac853f820677ec1f62ff27f80f0 Mon Sep 17 00:00:00 2001
From: Dai Dang Van <daidv@vn.fujitsu.com>
Date: Thu, 11 Jan 2018 10:39:36 +0700
Subject: [PATCH] Support policy.yaml file [part 8]

- Horizon

This will copy only yaml or json policy file if they exist.

Change-Id: Ib8875ca54dc9dc69abc8338413f7724d9d4ecc45
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
---
 ansible/roles/horizon/tasks/config.yml        | 73 ++++++++++---------
 ansible/roles/horizon/tasks/policy_item.yml   | 22 ++++++
 .../roles/horizon/templates/horizon.json.j2   |  9 +--
 tools/validate-all-file.py                    |  4 +
 4 files changed, 67 insertions(+), 41 deletions(-)
 create mode 100644 ansible/roles/horizon/tasks/policy_item.yml

diff --git a/ansible/roles/horizon/tasks/config.yml b/ansible/roles/horizon/tasks/config.yml
index 92fdeea1c5..5d0b77c12e 100644
--- a/ansible/roles/horizon/tasks/config.yml
+++ b/ansible/roles/horizon/tasks/config.yml
@@ -12,6 +12,39 @@
     - item.value.enabled | bool
   with_dict: "{{ horizon_services }}"
 
+- set_fact:
+   custom_policy: []
+
+- include: policy_item.yml
+  vars:
+    project_name: "{{ item.name }}"
+  when: item.enabled | bool
+  with_items:
+    - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
+    - { name: "cinder", enabled: "{{ enable_cinder }}" }
+    - { name: "congress", enabled: "{{ enable_congress }}" }
+    - { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
+    - { name: "designate", enabled: "{{ enable_horizon_designate }}" }
+    - { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
+    - { name: "glance", enabled: "{{ enable_glance }}" }
+    - { name: "heat", enabled: "{{ enable_heat }}" }
+    - { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
+    - { name: "keystone", enabled: "{{ enable_keystone }}" }
+    - { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
+    - { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
+    - { name: "manila", enabled: "{{ enable_horizon_manila }}" }
+    - { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
+    - { name: "murano", enabled: "{{ enable_horizon_murano }}" }
+    - { name: "neutron", enabled: "{{ enable_neutron }}" }
+    - { name: "nova", enabled: "{{ enable_nova }}" }
+    - { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
+    - { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
+    - { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
+    - { name: "solum", enabled: "{{ enable_horizon_solum }}" }
+    - { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
+    - { name: "trove", enabled: "{{ enable_horizon_trove }}" }
+    - { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
+
 - name: Copying over config.json files for services
   become: true
   vars:
@@ -65,51 +98,19 @@
   notify:
     - Restart horizon container
 
-- name: Check if policies shall be overwritten
-  local_action: stat path="{{ node_custom_config }}/horizon/{{ item.name }}_policy.json"
-  run_once: True
-  register: custom_policy
-  when: item.enabled | bool
-  with_items:
-    - { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
-    - { name: "cinder", enabled: "{{ enable_cinder }}" }
-    - { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
-    - { name: "designate", enabled: "{{ enable_horizon_designate }}" }
-    - { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
-    - { name: "glance", enabled: "{{ enable_glance }}" }
-    - { name: "heat", enabled: "{{ enable_heat }}" }
-    - { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
-    - { name: "keystone", enabled: "{{ enable_keystone }}" }
-    - { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
-    - { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
-    - { name: "manila", enabled: "{{ enable_horizon_manila }}" }
-    - { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
-    - { name: "murano", enabled: "{{ enable_horizon_murano }}" }
-    - { name: "neutron", enabled: "{{ enable_neutron }}" }
-    - { name: "nova", enabled: "{{ enable_nova }}" }
-    - { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
-    - { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
-    - { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
-    - { name: "solum", enabled: "{{ enable_horizon_solum }}" }
-    - { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
-    - { name: "trove", enabled: "{{ enable_horizon_trove }}" }
-    - { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
-
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
   become: true
   vars:
     horizon: "{{ horizon_services['horizon'] }}"
   template:
-    src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json"
-    dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json"
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/horizon/{{ item | basename }}"
     mode: "0660"
   register: policy_jsons
   when:
     - horizon.enabled | bool
     - inventory_hostname in groups[horizon.group]
-    - item.item.enabled | bool
-    - item.stat.exists
-  with_items: "{{ custom_policy.results }}"
+  with_items: "{{ custom_policy }}"
   notify:
     - Restart horizon container
 
diff --git a/ansible/roles/horizon/tasks/policy_item.yml b/ansible/roles/horizon/tasks/policy_item.yml
new file mode 100644
index 0000000000..7e4e814be2
--- /dev/null
+++ b/ansible/roles/horizon/tasks/policy_item.yml
@@ -0,0 +1,22 @@
+---
+
+# Update policy file name
+- set_fact:
+    supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ fullpath }}"
+  run_once: True
+  register: overwritten_files
+  with_first_found:
+    - files: "{{ supported_policy_files }}"
+      paths:
+        - "{{ node_custom_config }}/horizon/"
+      skip: true
+  loop_control:
+    loop_var: fullpath
+
+- set_fact:
+    custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]"
+  when:
+    - overwritten_files.results
diff --git a/ansible/roles/horizon/templates/horizon.json.j2 b/ansible/roles/horizon/templates/horizon.json.j2
index b50b0a0877..b565070761 100644
--- a/ansible/roles/horizon/templates/horizon.json.j2
+++ b/ansible/roles/horizon/templates/horizon.json.j2
@@ -36,13 +36,12 @@
             "owner": "horizon",
             "perm": "0600"
         },
-{% for service, enabled in services if enabled | bool %}
+{% for path in custom_policy %}
         {
-            "source": "{{ container_config_directory }}/{{ service }}_policy.json",
-            "dest": "/etc/openstack-dashboard/{{ service }}_policy.json",
+            "source": "{{ container_config_directory }}/{{ path | basename }}",
+            "dest": "/etc/openstack-dashboard/{{ path | basename }}",
             "owner": "horizon",
-            "perm": "0600",
-            "optional": true
+            "perm": "0600"
         },
 {% endfor %}
         {
diff --git a/tools/validate-all-file.py b/tools/validate-all-file.py
index c1555466e5..f5a1207d0c 100755
--- a/tools/validate-all-file.py
+++ b/tools/validate-all-file.py
@@ -70,6 +70,9 @@ def check_json_j2():
     def bool_filter(value):
         return True
 
+    def basename_filter(text):
+        return text.split('\\')[-1]
+
     # Mock ansible hostvars variable, which is a nested dict
     def hostvars():
         return collections.defaultdict(hostvars)
@@ -82,6 +85,7 @@ def check_json_j2():
         env = jinja2.Environment(  # nosec: not used to render HTML
             loader=jinja2.FileSystemLoader(root))
         env.filters['bool'] = bool_filter
+        env.filters['basename'] = basename_filter
         template = env.get_template(filename)
         # Mock ansible variables.
         context = {
-- 
GitLab