From b6936383da7d78692a11830bf655b893eef63da9 Mon Sep 17 00:00:00 2001
From: Nenad Radojevic <nradojevic@evoila.de>
Date: Tue, 19 Jul 2016 13:53:44 +0000
Subject: [PATCH] Configurable policy.json for keystone

Copy custom policy.json into keystone container

Change-Id: I58787c3dd7adbeff47d0898c23db95f5919510d3
Closes-Bug: #1604431
---
 ansible/roles/keystone/tasks/config.yml           | 11 +++++++++++
 ansible/roles/keystone/templates/keystone.json.j2 |  7 +++++++
 2 files changed, 18 insertions(+)

diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml
index e64a8d7df..12c3f47eb 100644
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@@ -1,4 +1,8 @@
 ---
+- name: Check if Policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
+  register: keystone_policy
+
 - name: Check if Keystone Domain specific settings enabled
   local_action: stat path="{{ node_custom_config }}/keystone/domains"
   register: keystone_domain_cfg
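Review bot: The new `Check if Policies shall be overwritten` task has no comment saying where the lookup runs or what happens when the file is absent. `local_action` makes the `stat` run on the deploy host, and the later copy is skipped when nothing is found, so Keystone presumably keeps whatever policy the image ships. A comment above the task would make that explicit, for example `# Optional operator override, looked up on the deploy host; if absent, no policy.json is copied.` A name that states the check, such as `Check if custom Keystone policy.json exists`, would also match the task below it.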
@@ -49,6 +53,13 @@
   with_fileglob:
     - "{{ node_custom_config }}/keystone/domains/*"
 
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/keystone/policy.json"
+    dest: "{{ node_config_directory }}/keystone/policy.json"
+  when:
+    keystone_policy.stat.exists
+
 - name: Copying over wsgi-keystone.conf
   template:
     src: "wsgi-keystone.conf.j2"
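Review bot: The added `Copying over existing policy.json` task deploys an operator-supplied file that decides Keystone authorization without checking that it is well-formed JSON. A truncated or mis-edited file would be copied as-is and only surface when Keystone loads it. The `template` module accepts `validate`, so adding `validate: "python -m json.tool %s"` under `dest:` would reject a broken file before it replaces the target; this assumes a `python` binary on the target host, which should be confirmed. Because the file goes through `template` rather than `copy`, any `{{` or `{%` in it is rendered by Jinja2, and a comment should say so if that is intended. The guard is also true for a directory; `when: keystone_policy.stat.exists and keystone_policy.stat.isreg` is stricter.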
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index 21cc9559e..acd507ff8 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -16,6 +16,13 @@
             "perm": "0600",
             "optional": true
         },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/keystone/policy.json",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
         {
             "source": "{{ container_config_directory }}/wsgi-keystone.conf",
             "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
-- 
GitLab