Configurable policy.json for keystone

Copy custom policy.json into keystone container Change-Id: I58787c3dd7adbeff47d0898c23db95f5919510d3 Closes-Bug: #1604431

Configurable policy.json for keystone
b6936383 · Nenad Radojevic · 85300a4f · b6936383 · b6936383
Commit b6936383 authored 8 years ago by Nenad Radojevic
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
 ---
+- name: Check if Policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
+  register: keystone_policy
 - name: Check if Keystone Domain specific settings enabled
  local_action: stat path="{{ node_custom_config }}/keystone/domains"
  register: keystone_domain_cfg
@@ -49,6 +53,13 @@
  with_fileglob:
    - "{{ node_custom_config }}/keystone/domains/*"
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/keystone/policy.json"
+    dest: "{{ node_config_directory }}/keystone/policy.json"
+  when:
+    keystone_policy.stat.exists
 - name: Copying over wsgi-keystone.conf
  template:
    src: "wsgi-keystone.conf.j2"

--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -16,6 +16,13 @@
            "perm": "0600",
            "optional": true
        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/keystone/policy.json",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
        {
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",