From cafd3684c3207441df3f620766020521be15ca93 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Mon, 23 Jan 2023 14:52:41 +0900
Subject: [PATCH] Expose policy_default_rule

The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I130896ce504d726d580a4a4de4059f135187d0a4
---
 manifests/inspector/policy.pp                             | 6 ++++++
 manifests/policy.pp                                       | 6 ++++++
 .../notes/policy_default_rule-b2bf3736d5006f54.yaml       | 8 ++++++++
 spec/classes/ironic_inspector_policy_spec.rb              | 2 ++
 spec/classes/ironic_policy_spec.rb                        | 2 ++
 5 files changed, 24 insertions(+)
 create mode 100644 releasenotes/notes/policy_default_rule-b2bf3736d5006f54.yaml

diff --git a/manifests/inspector/policy.pp b/manifests/inspector/policy.pp
index 9cf6a652..e88c3c42 100644
--- a/manifests/inspector/policy.pp
+++ b/manifests/inspector/policy.pp
@@ -32,6 +32,10 @@
 #   (Optional) Path to the ironic-inspector policy.yaml file
 #   Defaults to /etc/ironic-inspector/policy.yaml
 #
+# [*policy_default_rule*]
+#   (Optional) Default rule. Enforced when a requested rule is not found.
+#   Defaults to $::os_service_default.
+#
 # [*policy_dirs*]
 #   (Optional) Path to the ironic-inspector policy folder
 #   Defaults to $::os_service_default
@@ -46,6 +50,7 @@ class ironic::inspector::policy (
   $enforce_new_defaults = $::os_service_default,
   $policies             = {},
   $policy_path          = '/etc/ironic-inspector/policy.yaml',
+  $policy_default_rule  = $::os_service_default,
   $policy_dirs          = $::os_service_default,
   $purge_config         = false,
 ) {
@@ -70,6 +75,7 @@ class ironic::inspector::policy (
     enforce_scope        => $enforce_scope,
     enforce_new_defaults => $enforce_new_defaults,
     policy_file          => $policy_path,
+    policy_default_rule  => $policy_default_rule,
     policy_dirs          => $policy_dirs,
   }
 
diff --git a/manifests/policy.pp b/manifests/policy.pp
index 9adf32ac..6788c050 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -32,6 +32,10 @@
 #   (Optional) Path to the ironic policy.yaml file
 #   Defaults to /etc/ironic/policy.yaml
 #
+# [*policy_default_rule*]
+#   (Optional) Default rule. Enforced when a requested rule is not found.
+#   Defaults to $::os_service_default.
+#
 # [*policy_dirs*]
 #   (Optional) Path to the ironic policy folder
 #   Defaults to $::os_service_default
@@ -46,6 +50,7 @@ class ironic::policy (
   $enforce_new_defaults = $::os_service_default,
   $policies             = {},
   $policy_path          = '/etc/ironic/policy.yaml',
+  $policy_default_rule  = $::os_service_default,
   $policy_dirs          = $::os_service_default,
   $purge_config         = false,
 ) {
@@ -70,6 +75,7 @@ class ironic::policy (
     enforce_scope        => $enforce_scope,
     enforce_new_defaults => $enforce_new_defaults,
     policy_file          => $policy_path,
+    policy_default_rule  => $policy_default_rule,
     policy_dirs          => $policy_dirs,
   }
 
diff --git a/releasenotes/notes/policy_default_rule-b2bf3736d5006f54.yaml b/releasenotes/notes/policy_default_rule-b2bf3736d5006f54.yaml
new file mode 100644
index 00000000..b2fef762
--- /dev/null
+++ b/releasenotes/notes/policy_default_rule-b2bf3736d5006f54.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    The new ``ironic::policy::policy_default_rule`` parameter has been added.
+
+  - |
+    The new ``ironic::inspector::policy::policy_default_rule`` parameter has
+    been added.
diff --git a/spec/classes/ironic_inspector_policy_spec.rb b/spec/classes/ironic_inspector_policy_spec.rb
index 9a09a329..3bc618c0 100644
--- a/spec/classes/ironic_inspector_policy_spec.rb
+++ b/spec/classes/ironic_inspector_policy_spec.rb
@@ -9,6 +9,7 @@ describe 'ironic::inspector::policy' do
           :enforce_scope        => false,
           :enforce_new_defaults => false,
           :policy_path          => '/etc/ironic-inspector/policy.yaml',
+          :policy_default_rule  => 'default',
           :policy_dirs          => '/etc/ironic-inspector/policy.d',
           :policies             => {
             'context_is_admin' => {
@@ -37,6 +38,7 @@ describe 'ironic::inspector::policy' do
           :enforce_scope        => false,
           :enforce_new_defaults => false,
           :policy_file          => '/etc/ironic-inspector/policy.yaml',
+          :policy_default_rule  => 'default',
           :policy_dirs          => '/etc/ironic-inspector/policy.d',
         )
       end
diff --git a/spec/classes/ironic_policy_spec.rb b/spec/classes/ironic_policy_spec.rb
index 1d65fb94..1a30dc1a 100644
--- a/spec/classes/ironic_policy_spec.rb
+++ b/spec/classes/ironic_policy_spec.rb
@@ -9,6 +9,7 @@ describe 'ironic::policy' do
           :enforce_scope        => false,
           :enforce_new_defaults => false,
           :policy_path          => '/etc/ironic/policy.yaml',
+          :policy_default_rule  => 'default',
           :policy_dirs          => '/etc/ironic/policy.d',
           :policies             => {
             'context_is_admin' => {
@@ -37,6 +38,7 @@ describe 'ironic::policy' do
           :enforce_scope        => false,
           :enforce_new_defaults => false,
           :policy_file          => '/etc/ironic/policy.yaml',
+          :policy_default_rule  => 'default',
           :policy_dirs          => '/etc/ironic/policy.d',
         )
       end