Manage policy.json based on default file and user vars
Overview
########
The policy.json file default files in the Openstack projects are set and not touched in the ansible playbooks. Adding the ability to edit, update and customize these files and policies through configuration management will add flexibility to the deployment and allow it to cover a variety of use cases. This will help deployers meet the needs of operators in an efficient manner.
Problem Description
-------------------
Currently, the policy.json files for all Openstack projects is a flat file that is simply dropped into place. This means that updating the file requires users to either
- modify the files post deployment (really cumbersome) or
- create local and specific changes to the policy.json for the given use case
Both of these require significant upkeep between releases of both Openstack and the playbooks
Proposed Change
---------------
The proposed change is to create an ansible module based off of the ansible template core module.
This module will combine policy.json and user provided variables into a json object then compare this to the json object found in the deployed policy.json file.
If the comparison reveals and differences, the newly created json object will replace the currenlty deployed policy.json.
Playbook Impact
---------------
A new ansible module will be added and used in all playbooks handling policy.json files
Alternatives
------------
- Use the normal templating module but this will require a lot of upkeep/variables as each of the Openstack projects often have significant changes between versions.
- Give people ability to specify separate file whether it be local or remote. User experience is degraded and they end up needing to handle changes between versions manually.
Security Impact
---------------
Incorrect policies could give end users too many or too few permissions.
Performance Impact
------------------
None
End User Impact
---------------
The actions that end users are allowed to take will now be determined by the new policy.json instead of the default configuration.
Deployer Impact
---------------
Deployer will be able to set key/value pairs in policy.json as they see fit or leave it as the default.
Developer Impact
----------------
None
Dependencies
------------
Parts of this blueprint are related to:
https:/
but not strictly dependent
Documentation Impact
-------
Documentation will be required to explain the mechanism by which the templating is working.
References
----------
None
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Daniel Curran
- Direction:
- Approved
- Assignee:
- Daniel Curran
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Kevin Carter
- Completed by
- Kevin Carter
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Managing policy file with default file and user variables.
Addressed by: https:/
Applying copy_update to all policy.json files
Addressed by: https:/
Applying copy_update to all policy.json files