Create policy.json file in Ocata for non-admin user 05/35505/4
authorUmar Farooq <umar.farooq@neclab.eu>
Mon, 29 May 2017 18:42:43 +0000 (18:42 +0000)
committerUmar Farooq <umar.farooq@neclab.eu>
Mon, 3 Jul 2017 10:40:11 +0000 (10:40 +0000)
A non-admin user is not allowed to view the host_status flag.
To get the host status, a policy.json file needs to be
created, as it is not present by default in Ocata.
This commit creates it for the local and fuel
installer types.

JIRA: DOCTOR-110

Change-Id: Ie626217a515f821c47b1cb6ed0e3d504d8e01b3a
Signed-off-by: Umar Farooq <umar.farooq@neclab.eu>
tests/lib/installers/fuel
tests/lib/installers/local

index 0c56963..8586572 100644 (file)
@@ -96,8 +96,15 @@ function installer_apply_patches {
                     service nova-api restart
                 fi
             else
-                # TODO(tojuvone) policy.json might not exists in Ocata.
-                echo "$np_conf does not exist!!!"
+                # policy.json does not exist in Ocata.
+                echo "$np_conf does not exist. Creating new one."
+                echo -e "{\n    \"context_is_admin\":  \"role:admin\"," > $np_conf
+                echo -e "    \"owner\" : \"user_id:%(user_id)s\"," >> $np_conf
+                echo -e "    \"admin_or_owner\": \"rule:context_is_admin or rule:owner\"," >> $np_conf
+                echo -e "    \"os_compute_api:servers:show:host_status\":  \"rule:admin_or_owner\" \n}" >> $np_conf
+                np_rm="${np_conf}-doctor-rm"
+                cp $np_conf $np_rm
+                service nova-api restart
             fi
             ' > installer_apply_patches_$node.log 2>&1
     done
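Review bot: The policy.json generated by the `echo -e` lines redefines the shared rules `context_is_admin` and `admin_or_owner` (with `owner` as `user_id:%(user_id)s`) instead of adding only the host_status entry. Any other Nova policy that refers to `rule:admin_or_owner` would then be evaluated against this user-scoped definition rather than Nova's built-in one, which is presumably not intended for a test fixture. If the built-in base rules are available on the target release (to be confirmed for Ocata), the file could hold just `{"os_compute_api:servers:show:host_status": "rule:admin_or_owner"}`; otherwise give the test its own rule name. The same four lines are written by installer_apply_patches in tests/lib/installers/local. The enclosing function starts above this hunk.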
@@ -167,14 +174,16 @@ function installer_revert_patches {
             fi
 
             np_conf=/etc/nova/policy.json
-            entry="os_compute_api:servers:show:host_status"
-            if [ -e $np_conf ]; then
-                np_backup="${np_conf}-doctor-saved"
-                if [ -e $np_backup ]; then
-                    cp -f $np_backup $np_conf
-                    rm $np_backup
-                    service nova-api restart
-                fi
+            np_backup="${np_conf}-doctor-saved"
+            np_rm="${np_conf}-doctor-rm"
+            if [ -e $np_backup ]; then
+                cp -f $np_backup $np_conf
+                rm $np_backup
+                service nova-api restart
+            elif [ -e $np_rm ]; then
+                rm $np_conf
+                rm $np_rm
+                service nova-api restart
             fi
             ' >> installer_apply_patches_$node.log 2>&1
     done
index 50c3686..d628867 100644 (file)
@@ -9,7 +9,42 @@ function installer_get_ssh_keys {
 }
 
 function installer_apply_patches {
-    # Noop
+    set -x
+    date
+    echo "### apply patches (installer=local)"
+    np_conf=/etc/nova/policy.json
+    if [ -e $np_conf ]; then
+        entry="os_compute_api:servers:show:host_status"
+        new="rule:admin_or_owner"
+        np_backup="${np_conf}-doctor-saved"
+        if grep -q "${entry}.*${new}" $np_conf; then
+            echo "Not modifying nova policy"
+        elif grep -q "${entry}" $np_conf; then
+            echo "modify nova policy"
+            cp $np_conf $np_backup
+            oldline=$(grep "$entry" $np_conf)
+            newline=$(echo "$oldline" | sed "s/rule.*\"/$new\"/")
+            sed -i "s/$oldline/$newline/" $np_conf
+            # TODO(umar): Update to systemd when screen is no more used for devstack
+            screen -S stack -p n-api -X stuff "^C^M^[[A^M" # restart n-api service
+        else
+            echo "add nova policy"
+            cp $np_conf $np_backup
+            sed -i "/{/a \    \"${entry}\": \"$new\"" $np_conf
+            screen -S stack -p n-api -X stuff "^C^M^[[A^M"
+        fi
+    else
+        # policy.json does not exist in Ocata.
+        echo "$np_conf does not exist. Creating a new one"
+        echo -e '{\n    "context_is_admin":  "role:admin",' > $np_conf
+        echo -e '    "owner" : "user_id:%(user_id)s",' >> $np_conf
+        echo -e '    "admin_or_owner": "rule:context_is_admin or rule:owner",' >> $np_conf
+        echo -e '    "os_compute_api:servers:show:host_status":  "rule:admin_or_owner"\n}' >> $np_conf
+        np_rm="${np_conf}-doctor-rm"
+        cp $np_conf $np_rm
+        screen -S stack -p n-api -X stuff "^C^M^[[A^M"
+    fi
+
     return
 }
 
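Review bot: In the "add nova policy" branch, the `sed -i "/{/a ..."` line appends the new entry without a trailing comma, so a policy.json that already holds other entries is left as invalid JSON, and the n-api restart follows with no check. The same command also appends after every line containing `{`, not only the first. A validation step before the restart would catch both, e.g. `python -m json.tool $np_conf > /dev/null || cp -f $np_backup $np_conf`. The "modify" branch would benefit from the same check, since its `s/rule.*\"/$new\"/` leaves a value that does not contain `rule` unchanged while still reporting the policy as modified.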
@@ -31,6 +66,22 @@ function get_compute_ip_from_hostname {
 }
 
 function cleanup_installer {
-    # Noop
+    set -x
+    echo "### revert patches (installer=local)"
+    date
+
+    np_conf=/etc/nova/policy.json
+    np_backup="${np_conf}-doctor-saved"
+    np_rm="${np_conf}-doctor-rm"
+    if [ -e $np_backup ]; then
+        cp -f $np_backup $np_conf
+        rm $np_backup
+        screen -S stack -p n-api -X stuff "^C^M^[[A^M"
+    elif [ -e $np_rm ]; then
+        rm $np_conf
+        rm $np_rm
+        screen -S stack -p n-api -X stuff "^C^M^[[A^M"
+    fi
+
     return
 }
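Review bot: `set -x` at the top of cleanup_installer is never undone, so, assuming this file is sourced by the test script, xtrace stays on in the calling shell after the function returns; installer_apply_patches in this file does the same. From then on every command is echoed with its expanded arguments into the test log, including any credential later passed on a command line. Saving and restoring the state keeps the trace local: `xtrace=$(set +o | grep xtrace)` before `set -x`, and `$xtrace` before `return`.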