From 9038a5baddeae8400c7fb04a4a2ab03a38c06ad8 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Sat, 5 Feb 2022 19:47:15 +0900
Subject: [PATCH] privsep: Allow customizing section name

Some components uses sections not following the current name template
(privsep_${section}) to register oslo.privsep parameters. For example
nova registers the parameters to the nova_sys_admin section.

This change allows overriding the section name to deal with such cases.

Change-Id: Icaf88ebaaf72d6810d9ded119a9998538eb09869
---
 manifests/privsep.pp                              | 13 +++++++++----
 .../oslo-privsep-section-f577879ae1dba66c.yaml    |  6 ++++++
 spec/defines/oslo_privsep_spec.rb                 | 15 +++++++++++++++
 3 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/oslo-privsep-section-f577879ae1dba66c.yaml

diff --git a/manifests/privsep.pp b/manifests/privsep.pp
index 6958ffc..1cc5760 100644
--- a/manifests/privsep.pp
+++ b/manifests/privsep.pp
@@ -14,6 +14,10 @@
 # [*config*]
 #  (Required) Configuration file to manage. (string value)
 #
+# [*config_group*]
+#  (Optional) Name of the section in which the parameters are set. (string value)
+#  Defaults to "privsep_${entrypoint}"
+#
 # [*user*]
 #  (Optional) User that the privsep daemon should run as. (string value)
 #  Defaults to $::os_service_default.
@@ -42,6 +46,7 @@
 define oslo::privsep (
   $config,
   $entrypoint     = $name,
+  $config_group   = "privsep_${entrypoint}",
   $user           = $::os_service_default,
   $group          = $::os_service_default,
   $capabilities   = $::os_service_default,
@@ -49,10 +54,10 @@ define oslo::privsep (
 ) {
 
   $privsep_options = {
-    "privsep_${entrypoint}/user"           => { value => $user },
-    "privsep_${entrypoint}/group"          => { value => $group },
-    "privsep_${entrypoint}/capabilities"   => { value => $capabilities },
-    "privsep_${entrypoint}/helper_command" => { value => $helper_command },
+    "${config_group}/user"           => { value => $user },
+    "${config_group}/group"          => { value => $group },
+    "${config_group}/capabilities"   => { value => $capabilities },
+    "${config_group}/helper_command" => { value => $helper_command },
   }
 
   create_resources($config, $privsep_options)
diff --git a/releasenotes/notes/oslo-privsep-section-f577879ae1dba66c.yaml b/releasenotes/notes/oslo-privsep-section-f577879ae1dba66c.yaml
new file mode 100644
index 0000000..4063957
--- /dev/null
+++ b/releasenotes/notes/oslo-privsep-section-f577879ae1dba66c.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The new ``oslo::privsep::config_group`` parameter has been added. This
+    parameter can be used to add parameters to the section different from
+    the default ``privsep_${entrypoint}`` section.
diff --git a/spec/defines/oslo_privsep_spec.rb b/spec/defines/oslo_privsep_spec.rb
index 8aaecf7..9bf6ab9 100644
--- a/spec/defines/oslo_privsep_spec.rb
+++ b/spec/defines/oslo_privsep_spec.rb
@@ -37,6 +37,21 @@ describe 'oslo::privsep' do
       end
     end
 
+    context 'with config group' do
+      before do
+        params.merge!({
+          :config_group => 'mysection'
+        })
+      end
+
+      it 'configure oslo_privsep default params' do
+        is_expected.to contain_keystone_config('mysection/user').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('mysection/group').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('mysection/capabilities').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('mysection/helper_command').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
   end
 
   on_supported_os({