Puppet Class: aodh::policy

Defined in:
manifests/policy.pp

Overview

Class: aodh::policy

Configure the aodh policies

Parameters

enforce_scope

(Optional) Whether or not to enforce scope when evaluating policies. Defaults to $facts.

enforce_new_defaults

(Optional) Whether or not to use old deprecated defaults when evaluating policies. Defaults to $facts.

policies

(Optional) Set of policies to configure for aodh Example :

{
  'aodh-context_is_admin' => {
    'key' => 'context_is_admin',
    'value' => 'true'
  },
  'aodh-default' => {
    'key' => 'default',
    'value' => 'rule:admin_or_owner'
  }
}

Defaults to empty hash.

policy_path

(Optional) Path to the aodh policy.yaml file Defaults to /etc/aodh/policy.yaml

policy_default_rule

(Optional) Default rule. Enforced when a requested rule is not found. Defaults to $facts.

policy_dirs

(Optional) Path to the aodh policy folder Defaults to $facts

purge_config

(optional) Whether to set only the specified policy rules in the policy

file.
Defaults to false.

Parameters:

  • enforce_scope (Any) (defaults to: $facts['os_service_default'])
  • enforce_new_defaults (Any) (defaults to: $facts['os_service_default'])
  • policies (Hash) (defaults to: {})
  • policy_path (Any) (defaults to: '/etc/aodh/policy.yaml')
  • policy_default_rule (Any) (defaults to: $facts['os_service_default'])
  • policy_dirs (Any) (defaults to: $facts['os_service_default'])
  • purge_config (Boolean) (defaults to: false) 


48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'manifests/policy.pp', line 48

class aodh::policy (
  $enforce_scope        = $facts['os_service_default'],
  $enforce_new_defaults = $facts['os_service_default'],
  Hash $policies        = {},
  $policy_path          = '/etc/aodh/policy.yaml',
  $policy_default_rule  = $facts['os_service_default'],
  $policy_dirs          = $facts['os_service_default'],
  Boolean $purge_config = false,
) {

  include aodh::deps
  include aodh::params

  $policy_parameters = {
    policies     => $policies,
    policy_path  => $policy_path,
    file_user    => 'root',
    file_group   => $::aodh::params::group,
    file_format  => 'yaml',
    purge_config => $purge_config,
  }

  create_resources('openstacklib::policy', { $policy_path => $policy_parameters })

  # policy config should occur in the config block also.
  Anchor['aodh::config::begin']
  -> Openstacklib::Policy[$policy_path]
  -> Anchor['aodh::config::end']

  oslo::policy { 'aodh_config':
    enforce_scope        => $enforce_scope,
    enforce_new_defaults => $enforce_new_defaults,
    policy_file          => $policy_path,
    policy_default_rule  => $policy_default_rule,
    policy_dirs          => $policy_dirs,
  }
}