Only implement policy.json if an override is configured

With I810b6cb6bba2d95cc5bb477d6e2968ac1734c96b merged there
is no longer a default policy.json file in the venv, so we
need to change how we implement the file, and should only do
so if there is a config override configured for it.

If there is no policy override configured, but a policy.json
file is present, then it's likely left over from a previous
build. To ensure that we do not carry legacy configuration
files which override the policy-in-code we remove the legacy
file. This is done on restart to ensure that the policy still
applies until the code is updated.

Change-Id: Ib3447cd5b0bcada4cdf82d9e4a9fe5160299f9c3

handlers/main.yml

@@ -42,6 +42,16 @@
     group: "{{ cinder_system_group_name }}"
     mode: "0640"
     remote_src: yes
+  when:
+    - cinder_policy_overrides != {}
+  listen: Restart cinder services
+
+- name: Remove legacy policy.json file
+  file:
+    path: "/etc/cinder/policy.json"
+    state: absent
+  when:
+    - cinder_policy_overrides == {}
   listen: Restart cinder services
 
 - name: Start services

tasks/cinder_post_install.yml

@@ -39,14 +39,17 @@
       dest: "/etc/cinder/rootwrap.conf"
       config_overrides: "{{ cinder_rootwrap_conf_overrides }}"
       config_type: "ini"
-    - src: "policy.json.j2"
-      dest: "/etc/cinder/policy.json-{{ cinder_venv_tag }}"
-      config_overrides: "{{ cinder_policy_overrides }}"
-      config_type: "json"
   notify:
     - Manage LB
     - Restart cinder services
 
+- name: Implement policy.json if there are overrides configured
+  copy:
+    content: "{{ cinder_policy_overrides | to_nice_json }}"
+    dest: "/etc/cinder/policy.json-{{ cinder_venv_tag }}"
+  when:
+    - cinder_policy_overrides != {}
+
 - name: Ensure cinder tgt include
   lineinfile:
     dest: /etc/tgt/targets.conf