From fdfefa93605a506a3862210811108800df32afa0 Mon Sep 17 00:00:00 2001
From: Dai Dang Van <daidv@vn.fujitsu.com>
Date: Tue, 24 Oct 2017 15:49:05 +0700
Subject: [PATCH] Support policy.yaml file for Aodh

This will copy both of yaml or json policy file
if it exists

Change-Id: Ie5e03e0307d239f1079d2522e353367f7f954e77
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
---
 ansible/group_vars/all.yml                    |  5 ++
 ansible/roles/aodh/handlers/main.yml          | 16 +++---
 ansible/roles/aodh/tasks/config.yml           | 54 +++++++++++--------
 ansible/roles/aodh/templates/aodh-api.json.j2 | 11 ++--
 .../aodh/templates/aodh-evaluator.json.j2     | 11 ++--
 .../aodh/templates/aodh-listener.json.j2      | 11 ++--
 .../aodh/templates/aodh-notifier.json.j2      | 11 ++--
 ansible/roles/aodh/templates/aodh.conf.j2     |  4 ++
 8 files changed, 70 insertions(+), 53 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 9e43567cb1..3eb02f2938 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -330,6 +330,11 @@ openstack_logging_debug: "False"
 
 openstack_region_name: "RegionOne"
 
+# A list of policy file formats that are supported by Oslo.policy
+supported_policy_format_list:
+  - policy.yaml
+  - policy.json
+
 # In the context of multi-regions, list here the name of all your regions.
 multiple_regions_names:
     - "{{ openstack_region_name }}"
diff --git a/ansible/roles/aodh/handlers/main.yml b/ansible/roles/aodh/handlers/main.yml
index 9cce8c6ba8..1f12b7f87f 100644
--- a/ansible/roles/aodh/handlers/main.yml
+++ b/ansible/roles/aodh/handlers/main.yml
@@ -5,7 +5,7 @@
     service: "{{ aodh_services[service_name] }}"
     config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_api_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or aodh_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or aodh_conf_wsgi.changed | bool
       or aodh_api_container.changed | bool
 
@@ -29,7 +29,7 @@
     service: "{{ aodh_services[service_name] }}"
     config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_evaluator_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -43,7 +43,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or aodh_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or aodh_evaluator_container.changed | bool
 
 - name: Restart aodh-listener container
@@ -52,7 +52,7 @@
     service: "{{ aodh_services[service_name] }}"
     config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_listener_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -66,7 +66,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or aodh_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or aodh_listener_container.changed | bool
 
 - name: Restart aodh-notifier container
@@ -75,7 +75,7 @@
     service: "{{ aodh_services[service_name] }}"
     config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     aodh_notifier_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -89,5 +89,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or aodh_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or aodh_notifier_container.changed | bool
diff --git a/ansible/roles/aodh/tasks/config.yml b/ansible/roles/aodh/tasks/config.yml
index 36565fcbf4..996fc57f76 100644
--- a/ansible/roles/aodh/tasks/config.yml
+++ b/ansible/roles/aodh/tasks/config.yml
@@ -9,6 +9,39 @@
     - inventory_hostname in groups[item.value.group]
   with_dict: "{{ aodh_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: aodh_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/aodh/"
+      skip: true
+
+- name: Set aodh polify file
+  set_fact:
+    aodh_policy_file: "{{ aodh_policy.results.0.stat.path | basename }}"
+    aodh_policy_file_path: "{{ aodh_policy.results.0.stat.path }}"
+  when:
+    - aodh_policy.results
+
+- name: Copying over existing policy file
+  template:
+    src: "{{ aodh_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ aodh_policy_file }}"
+  register: aodh_policy_overwriting
+  when:
+    - aodh_policy_file is defined
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ aodh_services }}"
+  notify:
+    - Restart aodh-api container
+    - Restart aodh-evaluator container
+    - Restart aodh-listener container
+    - Restart aodh-notifier container
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -59,27 +92,6 @@
   notify:
     - Restart aodh-api container
 
-- name: Check if policies shall be overwritten
-  local_action: stat path="{{ node_custom_config }}/aodh/policy.json"
-  run_once: True
-  register: aodh_policy
-
-- name: Copying over existing policy.json
-  template:
-    src: "{{ node_custom_config }}/aodh/policy.json"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
-  register: aodh_policy_jsons
-  when:
-    - aodh_policy.stat.exists
-    - inventory_hostname in groups[item.value.group]
-    - item.value.enabled | bool
-  with_dict: "{{ aodh_services }}"
-  notify:
-    - Restart aodh-api container
-    - Restart aodh-evaluator container
-    - Restart aodh-listener container
-    - Restart aodh-notifier container
-
 - name: Check aodh containers
   kolla_docker:
     action: "compare_container"
diff --git a/ansible/roles/aodh/templates/aodh-api.json.j2 b/ansible/roles/aodh/templates/aodh-api.json.j2
index f18d5a5723..f9aa6cdfb0 100644
--- a/ansible/roles/aodh/templates/aodh-api.json.j2
+++ b/ansible/roles/aodh/templates/aodh-api.json.j2
@@ -14,14 +14,13 @@
             "dest": "/etc/{{ aodh_dir }}/wsgi-aodh.conf",
             "owner": "root",
             "perm": "0600"
-        },
+        }{% if aodh_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/aodh/policy.json",
+            "source": "{{ container_config_directory }}/{{ aodh_policy_file }}",
+            "dest": "/etc/aodh/{{ aodh_policy_file }}",
             "owner": "aodh",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
        {
diff --git a/ansible/roles/aodh/templates/aodh-evaluator.json.j2 b/ansible/roles/aodh/templates/aodh-evaluator.json.j2
index 9f9b4aaf6e..995802a8b4 100644
--- a/ansible/roles/aodh/templates/aodh-evaluator.json.j2
+++ b/ansible/roles/aodh/templates/aodh-evaluator.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/aodh/aodh.conf",
             "owner": "aodh",
             "perm": "0600"
-        },
+        }{% if aodh_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/aodh/policy.json",
+            "source": "{{ container_config_directory }}/{{ aodh_policy_file }}",
+            "dest": "/etc/aodh/{{ aodh_policy_file }}",
             "owner": "aodh",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/aodh/templates/aodh-listener.json.j2 b/ansible/roles/aodh/templates/aodh-listener.json.j2
index afd2173336..31d1af6c92 100644
--- a/ansible/roles/aodh/templates/aodh-listener.json.j2
+++ b/ansible/roles/aodh/templates/aodh-listener.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/aodh/aodh.conf",
             "owner": "aodh",
             "perm": "0600"
-        },
+        }{% if aodh_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/aodh/policy.json",
+            "source": "{{ container_config_directory }}/{{ aodh_policy_file }}",
+            "dest": "/etc/aodh/{{ aodh_policy_file }}",
             "owner": "aodh",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/aodh/templates/aodh-notifier.json.j2 b/ansible/roles/aodh/templates/aodh-notifier.json.j2
index 9ab985bb1b..49339eaa36 100644
--- a/ansible/roles/aodh/templates/aodh-notifier.json.j2
+++ b/ansible/roles/aodh/templates/aodh-notifier.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/aodh/aodh.conf",
             "owner": "aodh",
             "perm": "0600"
-        },
+        }{% if aodh_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/aodh/policy.json",
+            "source": "{{ container_config_directory }}/{{ aodh_policy_file }}",
+            "dest": "/etc/aodh/{{ aodh_policy_file }}",
             "owner": "aodh",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2
index bdd408779c..b16d4fc311 100644
--- a/ansible/roles/aodh/templates/aodh.conf.j2
+++ b/ansible/roles/aodh/templates/aodh.conf.j2
@@ -28,6 +28,10 @@ password = {{ aodh_keystone_password }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
 
+{% if aodh_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ aodh_policy_file }}
+{% endif %}
 
 [service_credentials]
 auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3