Custom policy files

Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.

Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862

ansible/roles/aodh/tasks/config.yml

@@ -45,3 +45,14 @@
     dest: "{{ node_config_directory }}/{{ item }}/wsgi-aodh.conf"
   with_items:
     - "aodh-api"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/aodh/policy.json"
+  register: aodh_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/aodh/policy.json"
+    dest: "{{ node_config_directory }}/aodh/policy.json"
+  when:
+    aodh_policy.stat.exists

ansible/roles/barbican/tasks/config.yml

@@ -51,3 +51,14 @@
     - "barbican-api"
     - "barbican-keystone-listener"
     - "barbican-worker"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/barbican/policy.json"
+  register: barbican_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/barbican/policy.json"
+    dest: "{{ node_config_directory }}/barbican/policy.json"
+  when:
+    barbican_policy.stat.exists

ansible/roles/ceilometer/tasks/config.yml

@@ -59,3 +59,14 @@
     - "event_definitions.yaml"
     - "event_pipeline.yaml"
     - "pipeline.yaml"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/ceilometer/policy.json"
+  register: ceilometer_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/ceilometer/policy.json"
+    dest: "{{ node_config_directory }}/ceilometer/policy.json"
+  when:
+    ceilometer_policy.stat.exist

ansible/roles/cinder/tasks/config.yml

@@ -38,3 +38,14 @@
     - "cinder-backup"
     - "cinder-scheduler"
     - "cinder-volume"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/cinder/policy.json"
+  register: cinder_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/cinder/policy.json"
+    dest: "{{ node_config_directory }}/cinder/policy.json"
+  when:
+    cinder_policy.stat.exists

ansible/roles/cloudkitty/tasks/config.yml

@@ -32,3 +32,14 @@
   with_items:
     - "cloudkitty-api"
     - "cloudkitty-processor"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json"
+  register: cloudkitty_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/cloudkitty/policy.json"
+    dest: "{{ node_config_directory }}/cloudkitty/policy.json"
+  when:
+    cloudkitty_policy.stat.exists

ansible/roles/congress/tasks/config.yml

@@ -35,3 +35,14 @@
     - "congress-api"
     - "congress-policy-engine"
     - "congress-datasource"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/congress/policy.json"
+  register: congress_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/congress/policy.json"
+    dest: "{{ node_config_directory }}/congress/policy.json"
+  when:
+    congress_policy.stat.exists

ansible/roles/glance/tasks/config.yml

@@ -29,3 +29,14 @@
     dest: "{{ node_config_directory }}/{{ item.service }}/{{ item.service }}.conf"
   when: inventory_hostname in groups[item.group]
   with_items: "{{ glance_service_groups }}"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/glance/policy.json"
+  register: glance_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/glance/policy.json"
+    dest: "{{ node_config_directory }}/glance/policy.json"
+  when:
+    glance_policy.stat.exists

ansible/roles/gnocchi/tasks/config.yml

@@ -50,3 +50,14 @@
     dest: "{{ node_config_directory }}/{{ item }}/wsgi-gnocchi.conf"
   with_items:
     - "gnocchi-api"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/gnocchi/policy.json"
+  register: gnocchi_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/gnocchi/policy.json"
+    dest: "{{ node_config_directory }}/gnocchi/policy.json"
+  when:
+    gnocchi_policy.stat.exists

ansible/roles/heat/tasks/config.yml

@@ -42,3 +42,14 @@
     - "heat-api"
     - "heat-api-cfn"
     - "heat-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/heat/policy.json"
+  register: heat_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/heat/policy.json"
+    dest: "{{ node_config_directory }}/heat/policy.json"
+  when:
+    heat_policy.stat.exists

ansible/roles/ironic/tasks/config.yml

@@ -37,3 +37,14 @@
     - "ironic-api"
     - "ironic-conductor"
     - "ironic-inspector"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/ironic/policy.json"
+  register: ironic_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/ironic/policy.json"
+    dest: "{{ node_config_directory }}/ironic/policy.json"
+  when:
+    ironic_policy.stat.exists

ansible/roles/keystone/tasks/config.yml

 ---
-- name: Check if Policies shall be overwritten
+- name: Check if policies shall be overwritten
   local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
   register: keystone_policy
 

ansible/roles/kuryr/tasks/config.yml

@@ -23,3 +23,14 @@
   template:
     src: "kuryr.spec.j2"
     dest: "{{ node_config_directory }}/kuryr/kuryr.spec"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/kuryr/policy.json"
+  register: kuryr_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/kuryr/policy.json"
+    dest: "{{ node_config_directory }}/kuryr/policy.json"
+  when:
+    kuryr_policy.stat.exists

ansible/roles/magnum/tasks/config.yml

@@ -32,3 +32,14 @@
   with_items:
     - "magnum-api"
     - "magnum-conductor"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/magnum/policy.json"
+  register: magnum_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/magnum/policy.json"
+    dest: "{{ node_config_directory }}/magnum/policy.json"
+  when:
+    magnum_policy.stat.exists

ansible/roles/manila/tasks/config.yml

@@ -52,3 +52,14 @@
     dest: "{{ node_config_directory }}/{{ item }}/manila.conf"
   with_items:
     - "manila-share"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/manila/policy.json"
+  register: manila_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/manila/policy.json"
+    dest: "{{ node_config_directory }}/manila/policy.json"
+  when:
+    manila_policy.stat.exists

ansible/roles/mistral/tasks/config.yml

@@ -35,3 +35,14 @@
     - "mistral-api"
     - "mistral-engine"
     - "mistral-executor"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/mistral/policy.json"
+  register: mistral_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/mistral/policy.json"
+    dest: "{{ node_config_directory }}/mistral/policy.json"
+  when:
+    mistral_policy.stat.exists

ansible/roles/murano/tasks/config.yml

@@ -32,3 +32,14 @@
   with_items:
     - "murano-api"
     - "murano-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/murano/policy.json"
+  register: murano_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/murano/policy.json"
+    dest: "{{ node_config_directory }}/murano/policy.json"
+  when:
+    murano_policy.stat.exists

ansible/roles/neutron/tasks/config.yml

@@ -183,3 +183,14 @@
     dest: "{{ node_config_directory }}/{{ item }}/vpnaas_agent.ini"
   with_items:
     - "neutron-vpnaas-agent"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/neutron/policy.json"
+  register: neutron_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/neutron/policy.json"
+    dest: "{{ node_config_directory }}/neutron/policy.json"
+  when:
+    neutron_policy.stat.exists

ansible/roles/nova/tasks/config.yml

@@ -83,3 +83,14 @@
     - { src: "id_rsa", dest: "id_rsa" }
     - { src: "id_rsa.pub", dest: "id_rsa.pub" }
     - { src: "ssh_config.j2", dest: "ssh_config" }
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/nova/policy.json"
+  register: nova_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/nova/policy.json"
+    dest: "{{ node_config_directory }}/nova/policy.json"
+  when:
+    nova_policy.stat.exists

ansible/roles/rally/tasks/config.yml

@@ -24,3 +24,14 @@
     dest: "{{ node_config_directory }}/{{ item }}/rally.conf"
   with_items:
     - "rally"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/rally/policy.json"
+  register: rally_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/rally/policy.json"
+    dest: "{{ node_config_directory }}/rally/policy.json"
+  when:
+    rally_policy.stat.exists

ansible/roles/sahara/tasks/config.yml

@@ -32,3 +32,14 @@
   with_items:
     - "sahara-api"
     - "sahara-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/sahara/policy.json"
+  register: sahara_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/sahara/policy.json"
+    dest: "{{ node_config_directory }}/sahara/policy.json"
+  when:
+    sahara_policy.stat.exists