From c8370c2ab2a9d97dd61ecfdbe56f1bdf43963d11 Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Sat, 12 Dec 2020 18:43:01 -0600
Subject: [PATCH] [goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I608d3f55dfa9b6052f92c4fd13f2aae6d714e287
---
 cloudkitty/cli/status.py                      |  3 +++
 cloudkitty/common/defaults.py                 |  9 +++++++++
 cloudkitty/common/policy.py                   |  6 +++++-
 cloudkitty/tests/gabbi/fixtures.py            |  2 +-
 doc/source/_static/cloudkitty.conf.sample     |  2 +-
 doc/source/admin/configuration/policy.rst     |  8 ++++++++
 doc/source/admin/install/install-source.rst   |  2 +-
 lower-constraints.txt                         |  4 ++--
 ...ormatted-policy-file-01ceb65712fd0a39.yaml | 20 +++++++++++++++++++
 requirements.txt                              |  4 ++--
 setup.cfg                                     |  2 +-
 11 files changed, 53 insertions(+), 9 deletions(-)
 create mode 100644 releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml

diff --git a/cloudkitty/cli/status.py b/cloudkitty/cli/status.py
index 97248934..f1a1f345 100644
--- a/cloudkitty/cli/status.py
+++ b/cloudkitty/cli/status.py
@@ -15,6 +15,7 @@
 import sys
 
 from oslo_config import cfg
+from oslo_upgradecheck import common_checks
 from oslo_upgradecheck import upgradecheck
 
 from cloudkitty.i18n import _
@@ -38,6 +39,8 @@ class CloudkittyUpgradeChecks(upgradecheck.UpgradeCommands):
 
     _upgrade_checks = (
         (_('Storage version'), _storage_version),
+        (_("Policy File JSON to YAML Migration"),
+         (common_checks.check_policy_json, {'conf': CONF})),
     )
 
 
diff --git a/cloudkitty/common/defaults.py b/cloudkitty/common/defaults.py
index 7023beab..376f3f61 100644
--- a/cloudkitty/common/defaults.py
+++ b/cloudkitty/common/defaults.py
@@ -13,13 +13,22 @@
 #    under the License.
 #
 
+
+from oslo_config import cfg
 from oslo_middleware import cors
+from oslo_policy import opts as policy_opts
 
 
 def set_config_defaults():
     """This method updates all configuration default values."""
     set_cors_middleware_defaults()
 
+    # TODO(gmann): Remove setting the default value of config policy_file
+    # once oslo_policy change the default value to 'policy.yaml'.
+    # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+    DEFAULT_POLICY_FILE = 'policy.yaml'
+    policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
+
 
 def set_cors_middleware_defaults():
     """Update default configuration options for oslo.middleware."""
diff --git a/cloudkitty/common/policy.py b/cloudkitty/common/policy.py
index 8b932ed6..6ae73c7d 100644
--- a/cloudkitty/common/policy.py
+++ b/cloudkitty/common/policy.py
@@ -29,7 +29,11 @@ from cloudkitty.common import policies
 
 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
-policy_opts.set_defaults(cfg.CONF, 'policy.json')
+# TODO(gmann): Remove setting the default value of config policy_file
+# once oslo_policy change the default value to 'policy.yaml'.
+# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+DEFAULT_POLICY_FILE = 'policy.yaml'
+policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
 
 _ENFORCER = None
 # oslo_policy will read the policy configuration file again when the file
diff --git a/cloudkitty/tests/gabbi/fixtures.py b/cloudkitty/tests/gabbi/fixtures.py
index 65c2e96d..381fdac1 100644
--- a/cloudkitty/tests/gabbi/fixtures.py
+++ b/cloudkitty/tests/gabbi/fixtures.py
@@ -202,7 +202,7 @@ class ConfigFixture(fixture.GabbiFixture):
         conf.set_override('auth_strategy', self.auth_strategy)
         conf.set_override('connection', 'sqlite:///', 'database')
         conf.set_override('policy_file',
-                          os.path.abspath('etc/cloudkitty/policy.json'),
+                          os.path.abspath('etc/cloudkitty/policy.yaml'),
                           group='oslo_policy')
         conf.set_override('api_paste_config',
                           os.path.abspath(
diff --git a/doc/source/_static/cloudkitty.conf.sample b/doc/source/_static/cloudkitty.conf.sample
index 5eb27ebe..9c00a17b 100644
--- a/doc/source/_static/cloudkitty.conf.sample
+++ b/doc/source/_static/cloudkitty.conf.sample
@@ -1260,7 +1260,7 @@
 # permissions for a given service. Relative paths must be specified in
 # relation to the configuration file setting this option. (string
 # value)
-#policy_file = policy.json
+#policy_file = policy.yaml
 
 # Default rule. Enforced when a requested rule is not found. (string
 # value)
diff --git a/doc/source/admin/configuration/policy.rst b/doc/source/admin/configuration/policy.rst
index 7cea6f49..28bd75f0 100644
--- a/doc/source/admin/configuration/policy.rst
+++ b/doc/source/admin/configuration/policy.rst
@@ -5,6 +5,14 @@ Policy configuration
 Configuration
 ~~~~~~~~~~~~~
 
+.. warning::
+
+   JSON formatted policy file is deprecated since Cloudkitty 14.0.0 (Wallaby).
+   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
+   JSON-formatted policy file to YAML in a backward-compatible way.
+
+.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
+
 The following is an overview of all available policies in Cloudkitty.
 For a sample configuration file, refer to :doc:`samples/policy-yaml`.
 
diff --git a/doc/source/admin/install/install-source.rst b/doc/source/admin/install/install-source.rst
index 8f684b6a..826806cf 100644
--- a/doc/source/admin/install/install-source.rst
+++ b/doc/source/admin/install/install-source.rst
@@ -24,7 +24,7 @@ Install sample configuration files::
     mkdir /etc/cloudkitty
     tox -e genconfig
     cp etc/cloudkitty/cloudkitty.conf.sample /etc/cloudkitty/cloudkitty.conf
-    cp etc/cloudkitty/policy.json /etc/cloudkitty
+    cp etc/cloudkitty/policy.yaml /etc/cloudkitty
     cp etc/cloudkitty/api_paste.ini /etc/cloudkitty
 
 Create the log directory::
diff --git a/lower-constraints.txt b/lower-constraints.txt
index d1dd8146..d40b5a17 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -18,9 +18,9 @@ oslo.i18n==5.0.1 # Apache-2.0
 oslo.log==4.4.0 # Apache-2.0
 oslo.messaging==12.6.0 # Apache-2.0
 oslo.middleware==4.1.1 # Apache-2.0
-oslo.policy==3.5.0 # Apache-2.0
+oslo.policy==3.6.0 # Apache-2.0
 oslo.utils==4.7.0 # Apache-2.0
-oslo.upgradecheck==1.2.0 # Apache-2.0
+oslo.upgradecheck==1.3.0 # Apache-2.0
 python-dateutil==2.7.0 # BSD
 SQLAlchemy==1.3.20 # MIT
 six==1.15.0 # MIT
diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml
new file mode 100644
index 00000000..c9c53000
--- /dev/null
+++ b/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml
@@ -0,0 +1,20 @@
+---
+upgrade:
+  - |
+    The default value of ``[oslo_policy] policy_file`` config option has
+    been changed from ``policy.json`` to ``policy.yaml``.
+    Operators who are utilizing customized or previously generated
+    static policy JSON files (which are not needed by default), should
+    generate new policy files or convert them in YAML format. Use the
+    `oslopolicy-convert-json-to-yaml
+    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
+    tool to convert a JSON to YAML formatted policy file in
+    backward compatible way.
+deprecations:
+  - |
+    Use of JSON policy files was deprecated by the ``oslo.policy`` library
+    during the Victoria development cycle. As a result, this deprecation is
+    being noted in the Wallaby cycle with an anticipated future removal of support
+    by ``oslo.policy``. As such operators will need to convert to YAML policy
+    files. Please see the upgrade notes for details on migration of any
+    custom policy files.
diff --git a/requirements.txt b/requirements.txt
index 2fec85c5..aec4d481 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,9 +20,9 @@ oslo.i18n>=5.0.1 # Apache-2.0
 oslo.log>=4.4.0 # Apache-2.0
 oslo.messaging>=12.6.0 # Apache-2.0
 oslo.middleware>=4.1.1 # Apache-2.0
-oslo.policy>=3.5.0 # Apache-2.0
+oslo.policy>=3.6.0 # Apache-2.0
 oslo.utils>=4.7.0 # Apache-2.0
-oslo.upgradecheck>=1.2.0 # Apache-2.0
+oslo.upgradecheck>=1.3.0 # Apache-2.0
 python-dateutil>=2.7.0 # BSD
 SQLAlchemy>=1.3.20 # MIT
 six>=1.15.0 # MIT
diff --git a/setup.cfg b/setup.cfg
index 9e66d4de..2c4a895f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -44,7 +44,7 @@ oslo.config.opts =
     cloudkitty.common.config = cloudkitty.common.config:list_opts
 
 oslo.config.opts.defaults =
-    cloudkitty.common.config = cloudkitty.common.defaults:set_cors_middleware_defaults
+    cloudkitty.common.config = cloudkitty.common.defaults:set_config_defaults
 
 cloudkitty.collector.backends =
     gnocchi = cloudkitty.collector.gnocchi:GnocchiCollector