From 76dadb96e17e4d066facf0a185a1032e40b980f7 Mon Sep 17 00:00:00 2001 From: Umar Farooq Date: Mon, 29 May 2017 18:42:43 +0000 Subject: [PATCH] Create policy.json file in Ocata for non-admin user Non-admin user is not allowed to view host_status flag. To get the host status, policy.json file needs to be created as it is not available in Ocata by default. This is created for local and fuel installer types in this commit. JIRA: DOCTOR-110 Change-Id: Ie626217a515f821c47b1cb6ed0e3d504d8e01b3a Signed-off-by: Umar Farooq --- tests/lib/installers/fuel | 29 +++++++++++++++--------- tests/lib/installers/local | 55 ++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 72 insertions(+), 12 deletions(-) diff --git a/tests/lib/installers/fuel b/tests/lib/installers/fuel index 0c56963c..85865720 100644 --- a/tests/lib/installers/fuel +++ b/tests/lib/installers/fuel @@ -96,8 +96,15 @@ function installer_apply_patches { service nova-api restart fi else - # TODO(tojuvone) policy.json might not exists in Ocata. - echo "$np_conf does not exist!!!" + # policy.json does not exist in Ocata. + echo "$np_conf does not exist. Creating new one." + echo -e "{\n \"context_is_admin\": \"role:admin\"," > $np_conf + echo -e " \"owner\" : \"user_id:%(user_id)s\"," >> $np_conf + echo -e " \"admin_or_owner\": \"rule:context_is_admin or rule:owner\"," >> $np_conf + echo -e " \"os_compute_api:servers:show:host_status\": \"rule:admin_or_owner\" \n}" >> $np_conf + np_rm="${np_conf}-doctor-rm" + cp $np_conf $np_rm + service nova-api restart fi ' > installer_apply_patches_$node.log 2>&1 done 
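Review bot: The policy.json generated in the new else-branch defines `admin_or_owner`, `owner` and `context_is_admin` at file level, so it overrides those aliases for every Nova policy that refers to `rule:admin_or_owner`, not only for `os_compute_api:servers:show:host_status`. As far as I know, Nova's in-code default for that alias is project-scoped (`is_admin:True or project_id:%(project_id)s`), so the file changes authorization on the node well beyond the one flag the test needs; this is worth confirming against the deployed release. A narrower file would carry only the single entry with a self-contained expression, e.g. `"os_compute_api:servers:show:host_status": "role:admin or user_id:%(user_id)s"`. The same content is written by installer_apply_patches in tests/lib/installers/local. The enclosing function starts outside this hunk.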
@@ -167,14 +174,16 @@ function installer_revert_patches { fi np_conf=/etc/nova/policy.json - entry="os_compute_api:servers:show:host_status" - if [ -e $np_conf ]; then - np_backup="${np_conf}-doctor-saved" - if [ -e $np_backup ]; then - cp -f $np_backup $np_conf - rm $np_backup - service nova-api restart - fi + np_backup="${np_conf}-doctor-saved" + np_rm="${np_conf}-doctor-rm" + if [ -e $np_backup ]; then + cp -f $np_backup $np_conf + rm $np_backup + service nova-api restart + elif [ -e $np_rm ]; then + rm $np_conf + rm $np_rm + service nova-api restart fi ' >> installer_apply_patches_$node.log 2>&1 done diff --git a/tests/lib/installers/local b/tests/lib/installers/local index 50c3686f..d628867a 100644 --- a/tests/lib/installers/local +++ b/tests/lib/installers/local 
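Review bot: The new `elif [ -e $np_rm ]` branch deletes /etc/nova/policy.json whenever the `-doctor-rm` marker exists, without checking that the file is still the one the apply step wrote. The backup branch above it never removes the marker, so a marker left over from an earlier run could, on a later revert, delete a policy file that was deployed or edited in the meantime and silently return nova-api to its default policy. Since the marker is a copy of the generated file, the branch can compare before deleting: `elif [ -e "$np_rm" ] && cmp -s "$np_conf" "$np_rm"; then`. cleanup_installer in tests/lib/installers/local has the same branch. The enclosing function starts and ends outside this hunk.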
@@ -9,7 +9,42 @@ function installer_get_ssh_keys { } function installer_apply_patches { - # Noop + set -x + date + echo "### apply patches (installer=local)" + np_conf=/etc/nova/policy.json + if [ -e $np_conf ]; then + entry="os_compute_api:servers:show:host_status" + new="rule:admin_or_owner" + np_backup="${np_conf}-doctor-saved" + if grep -q "${entry}.*${new}" $np_conf; then + echo "Not modifying nova policy" + elif grep -q "${entry}" $np_conf; then + echo "modify nova policy" + cp $np_conf $np_backup + oldline=$(grep "$entry" $np_conf) + newline=$(echo "$oldline" | sed "s/rule.*\"/$new\"/") + sed -i "s/$oldline/$newline/" $np_conf + # TODO(umar): Update to systemd when screen is no more used for devstack + screen -S stack -p n-api -X stuff "^C^M^[[A^M" # restart n-api service + else + echo "add nova policy" + cp $np_conf $np_backup + sed -i "/{/a \ \"${entry}\": \"$new\"" $np_conf + screen -S stack -p n-api -X stuff "^C^M^[[A^M" + fi + else + # policy.json does not exist in Ocata. + echo "$np_conf does not exist. Creating a new one" + echo -e '{\n "context_is_admin": "role:admin",' > $np_conf + echo -e ' "owner" : "user_id:%(user_id)s",' >> $np_conf + echo -e ' "admin_or_owner": "rule:context_is_admin or rule:owner",' >> $np_conf + echo -e ' "os_compute_api:servers:show:host_status": "rule:admin_or_owner"\n}' >> $np_conf + np_rm="${np_conf}-doctor-rm" + cp $np_conf $np_rm + screen -S stack -p n-api -X stuff "^C^M^[[A^M" + fi + return } @@ -31,6 +66,22 @@ function get_compute_ip_from_hostname { } function cleanup_installer { - # Noop + set -x + echo "### revert patches (installer=local)" + date + + np_conf=/etc/nova/policy.json + np_backup="${np_conf}-doctor-saved" + np_rm="${np_conf}-doctor-rm" + if [ -e $np_backup ]; then + cp -f $np_backup $np_conf + rm $np_backup + screen -S stack -p n-api -X stuff "^C^M^[[A^M" + elif [ -e $np_rm ]; then + rm $np_conf + rm $np_rm + screen -S stack -p n-api -X stuff "^C^M^[[A^M" + fi + return } -- 2.16.6
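Review bot: `set -x` at the top of installer_apply_patches is never switched off, so unless the caller invokes the function in a subshell, tracing stays enabled for everything the test run does afterwards. Any later command that expands credentials or tokens would then be written to the job log in clear text; whether the caller does that is not visible here. In the fuel variant the trace is confined to the remote command and its per-node log, which is the narrower behaviour. Either drop the line or add `set +x` before `return`; cleanup_installer in the last hunk needs the same change.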