Puppet Class: glance::property_protection

Defined in:
manifests/property_protection.pp

Overview

Class: glance::property_protection

Configure property protection

Parameters

property_protection_rule_format

(Optional) Rule format for property protection. Defaults to undef

rules

(Optional) Property protection rules Defaults to undef

purge_config

(Optional) Whether to set only the specified config options in the property protections config. Defaults to false.

Parameters:

  • property_protection_rule_format (Optional[Enum['roles', 'policies']]) (defaults to: undef)
  • rules (Hash[String[1], Hash]) (defaults to: {})
  • purge_config (Boolean) (defaults to: false) 


20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'manifests/property_protection.pp', line 20

class glance::property_protection(
  Optional[Enum['roles', 'policies']] $property_protection_rule_format = undef,
  Hash[String[1], Hash] $rules                                         = {},
  Boolean $purge_config                                                = false,
) {

  include glance::deps
  include glance::params

  resources { 'glance_property_protections_config':
    purge => $purge_config,
  }

  case $property_protection_rule_format {
    'roles', 'policies': {
      glance_api_config {
        'DEFAULT/property_protection_file':        value => '/etc/glance/property-protections.conf';
        'DEFAULT/property_protection_rule_format': value => $property_protection_rule_format;
      }

      # NOTE(tkajinam): property-protections.conf is not installed by
      # the packages so create the file in advance.
      file { '/etc/glance/property-protections.conf':
        ensure  => 'file',
        owner   => 'root',
        group   => $::glance::params::group,
        mode    => '0640',
        require => Anchor['glance::config::begin'],
        notify  => Anchor['glance::config::end'],
      }

      $rules.each |$key, $value| {
        $value_override = $value['value'] ? {
          undef   => {},
          default => {'value' => join(any2array($value['value']), ',')},
        }

        create_resources(
          'glance_property_protections_config',
          { $key =>  merge($value, $value_override)}
        )
      }

      File['/etc/glance/property-protections.conf'] -> Glance_property_protections_config<||>
    }
    default: {
      glance_api_config {
        'DEFAULT/property_protection_file':        value => $facts['os_service_default'];
        'DEFAULT/property_protection_rule_format': value => $facts['os_service_default'];
      }

      file { '/etc/glance/property-protections.conf':
        ensure  => absent,
        require => Anchor['glance::config::begin'],
        notify  => Anchor['glance::config::end'],
      }
    }
  }
}