diff --git a/cloudkitty/cli/status.py b/cloudkitty/cli/status.py index 97248934..f1a1f345 100644 --- a/cloudkitty/cli/status.py +++ b/cloudkitty/cli/status.py @@ -15,6 +15,7 @@ import sys from oslo_config import cfg +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from cloudkitty.i18n import _ @@ -38,6 +39,8 @@ class CloudkittyUpgradeChecks(upgradecheck.UpgradeCommands): _upgrade_checks = ( (_('Storage version'), _storage_version), + (_("Policy File JSON to YAML Migration"), + (common_checks.check_policy_json, {'conf': CONF})), ) diff --git a/cloudkitty/common/defaults.py b/cloudkitty/common/defaults.py index 7023beab..376f3f61 100644 --- a/cloudkitty/common/defaults.py +++ b/cloudkitty/common/defaults.py @@ -13,13 +13,22 @@ # under the License. # + +from oslo_config import cfg from oslo_middleware import cors +from oslo_policy import opts as policy_opts def set_config_defaults(): """This method updates all configuration default values.""" set_cors_middleware_defaults() + # TODO(gmann): Remove setting the default value of config policy_file + # once oslo_policy change the default value to 'policy.yaml'. + # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 + DEFAULT_POLICY_FILE = 'policy.yaml' + policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) + def set_cors_middleware_defaults(): """Update default configuration options for oslo.middleware.""" diff --git a/cloudkitty/common/policy.py b/cloudkitty/common/policy.py index 8b932ed6..6ae73c7d 100644 --- a/cloudkitty/common/policy.py +++ b/cloudkitty/common/policy.py @@ -29,7 +29,11 @@ from cloudkitty.common import policies LOG = logging.getLogger(__name__) CONF = cfg.CONF -policy_opts.set_defaults(cfg.CONF, 'policy.json') +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) _ENFORCER = None # oslo_policy will read the policy configuration file again when the file diff --git a/cloudkitty/tests/gabbi/fixtures.py b/cloudkitty/tests/gabbi/fixtures.py index 65c2e96d..381fdac1 100644 --- a/cloudkitty/tests/gabbi/fixtures.py +++ b/cloudkitty/tests/gabbi/fixtures.py @@ -202,7 +202,7 @@ class ConfigFixture(fixture.GabbiFixture): conf.set_override('auth_strategy', self.auth_strategy) conf.set_override('connection', 'sqlite:///', 'database') conf.set_override('policy_file', - os.path.abspath('etc/cloudkitty/policy.json'), + os.path.abspath('etc/cloudkitty/policy.yaml'), group='oslo_policy') conf.set_override('api_paste_config', os.path.abspath( diff --git a/doc/source/_static/cloudkitty.conf.sample b/doc/source/_static/cloudkitty.conf.sample index 5eb27ebe..9c00a17b 100644 --- a/doc/source/_static/cloudkitty.conf.sample +++ b/doc/source/_static/cloudkitty.conf.sample @@ -1260,7 +1260,7 @@ # permissions for a given service. Relative paths must be specified in # relation to the configuration file setting this option. (string # value) -#policy_file = policy.json +#policy_file = policy.yaml # Default rule. Enforced when a requested rule is not found. (string # value) diff --git a/doc/source/admin/configuration/policy.rst b/doc/source/admin/configuration/policy.rst index 7cea6f49..28bd75f0 100644 --- a/doc/source/admin/configuration/policy.rst +++ b/doc/source/admin/configuration/policy.rst @@ -5,6 +5,14 @@ Policy configuration Configuration ~~~~~~~~~~~~~ +.. warning:: + + JSON formatted policy file is deprecated since Cloudkitty 14.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + The following is an overview of all available policies in Cloudkitty. For a sample configuration file, refer to :doc:`samples/policy-yaml`. diff --git a/doc/source/admin/install/install-source.rst b/doc/source/admin/install/install-source.rst index 8f684b6a..826806cf 100644 --- a/doc/source/admin/install/install-source.rst +++ b/doc/source/admin/install/install-source.rst @@ -24,7 +24,7 @@ Install sample configuration files:: mkdir /etc/cloudkitty tox -e genconfig cp etc/cloudkitty/cloudkitty.conf.sample /etc/cloudkitty/cloudkitty.conf - cp etc/cloudkitty/policy.json /etc/cloudkitty + cp etc/cloudkitty/policy.yaml /etc/cloudkitty cp etc/cloudkitty/api_paste.ini /etc/cloudkitty Create the log directory:: diff --git a/lower-constraints.txt b/lower-constraints.txt index d1dd8146..d40b5a17 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -18,9 +18,9 @@ oslo.i18n==5.0.1 # Apache-2.0 oslo.log==4.4.0 # Apache-2.0 oslo.messaging==12.6.0 # Apache-2.0 oslo.middleware==4.1.1 # Apache-2.0 -oslo.policy==3.5.0 # Apache-2.0 +oslo.policy==3.6.0 # Apache-2.0 oslo.utils==4.7.0 # Apache-2.0 -oslo.upgradecheck==1.2.0 # Apache-2.0 +oslo.upgradecheck==1.3.0 # Apache-2.0 python-dateutil==2.7.0 # BSD SQLAlchemy==1.3.20 # MIT six==1.15.0 # MIT diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml new file mode 100644 index 00000000..c9c53000 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 2fec85c5..aec4d481 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,9 +20,9 @@ oslo.i18n>=5.0.1 # Apache-2.0 oslo.log>=4.4.0 # Apache-2.0 oslo.messaging>=12.6.0 # Apache-2.0 oslo.middleware>=4.1.1 # Apache-2.0 -oslo.policy>=3.5.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 oslo.utils>=4.7.0 # Apache-2.0 -oslo.upgradecheck>=1.2.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 python-dateutil>=2.7.0 # BSD SQLAlchemy>=1.3.20 # MIT six>=1.15.0 # MIT diff --git a/setup.cfg b/setup.cfg index 9e66d4de..2c4a895f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -44,7 +44,7 @@ oslo.config.opts = cloudkitty.common.config = cloudkitty.common.config:list_opts oslo.config.opts.defaults = - cloudkitty.common.config = cloudkitty.common.defaults:set_cors_middleware_defaults + cloudkitty.common.config = cloudkitty.common.defaults:set_config_defaults cloudkitty.collector.backends = gnocchi = cloudkitty.collector.gnocchi:GnocchiCollector