From c8370c2ab2a9d97dd61ecfdbe56f1bdf43963d11 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Sat, 12 Dec 2020 18:43:01 -0600 Subject: [PATCH] [goal] Deprecate the JSON formatted policy file As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I608d3f55dfa9b6052f92c4fd13f2aae6d714e287 --- cloudkitty/cli/status.py | 3 +++ cloudkitty/common/defaults.py | 9 +++++++++ cloudkitty/common/policy.py | 6 +++++- cloudkitty/tests/gabbi/fixtures.py | 2 +- doc/source/_static/cloudkitty.conf.sample | 2 +- doc/source/admin/configuration/policy.rst | 8 ++++++++ doc/source/admin/install/install-source.rst | 2 +- lower-constraints.txt | 4 ++-- ...ormatted-policy-file-01ceb65712fd0a39.yaml | 20 +++++++++++++++++++ requirements.txt | 4 ++-- setup.cfg | 2 +- 11 files changed, 53 insertions(+), 9 deletions(-) create mode 100644 releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml diff --git a/cloudkitty/cli/status.py b/cloudkitty/cli/status.py index 97248934..f1a1f345 100644 --- a/cloudkitty/cli/status.py +++ b/cloudkitty/cli/status.py @@ -15,6 +15,7 @@ import sys from oslo_config import cfg +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from cloudkitty.i18n import _ @@ -38,6 +39,8 @@ class CloudkittyUpgradeChecks(upgradecheck.UpgradeCommands): _upgrade_checks = ( (_('Storage version'), _storage_version), + (_("Policy File JSON to YAML Migration"), + (common_checks.check_policy_json, {'conf': CONF})), ) diff --git a/cloudkitty/common/defaults.py b/cloudkitty/common/defaults.py index 7023beab..376f3f61 100644 --- a/cloudkitty/common/defaults.py +++ b/cloudkitty/common/defaults.py @@ -13,13 +13,22 @@ # under the License. # + +from oslo_config import cfg from oslo_middleware import cors +from oslo_policy import opts as policy_opts def set_config_defaults(): """This method updates all configuration default values.""" set_cors_middleware_defaults() + # TODO(gmann): Remove setting the default value of config policy_file + # once oslo_policy change the default value to 'policy.yaml'. + # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 + DEFAULT_POLICY_FILE = 'policy.yaml' + policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) + def set_cors_middleware_defaults(): """Update default configuration options for oslo.middleware.""" diff --git a/cloudkitty/common/policy.py b/cloudkitty/common/policy.py index 8b932ed6..6ae73c7d 100644 --- a/cloudkitty/common/policy.py +++ b/cloudkitty/common/policy.py @@ -29,7 +29,11 @@ from cloudkitty.common import policies LOG = logging.getLogger(__name__) CONF = cfg.CONF -policy_opts.set_defaults(cfg.CONF, 'policy.json') +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) _ENFORCER = None # oslo_policy will read the policy configuration file again when the file diff --git a/cloudkitty/tests/gabbi/fixtures.py b/cloudkitty/tests/gabbi/fixtures.py index 65c2e96d..381fdac1 100644 --- a/cloudkitty/tests/gabbi/fixtures.py +++ b/cloudkitty/tests/gabbi/fixtures.py @@ -202,7 +202,7 @@ class ConfigFixture(fixture.GabbiFixture): conf.set_override('auth_strategy', self.auth_strategy) conf.set_override('connection', 'sqlite:///', 'database') conf.set_override('policy_file', - os.path.abspath('etc/cloudkitty/policy.json'), + os.path.abspath('etc/cloudkitty/policy.yaml'), group='oslo_policy') conf.set_override('api_paste_config', os.path.abspath( diff --git a/doc/source/_static/cloudkitty.conf.sample b/doc/source/_static/cloudkitty.conf.sample index 5eb27ebe..9c00a17b 100644 --- a/doc/source/_static/cloudkitty.conf.sample +++ b/doc/source/_static/cloudkitty.conf.sample @@ -1260,7 +1260,7 @@ # permissions for a given service. Relative paths must be specified in # relation to the configuration file setting this option. (string # value) -#policy_file = policy.json +#policy_file = policy.yaml # Default rule. Enforced when a requested rule is not found. (string # value) diff --git a/doc/source/admin/configuration/policy.rst b/doc/source/admin/configuration/policy.rst index 7cea6f49..28bd75f0 100644 --- a/doc/source/admin/configuration/policy.rst +++ b/doc/source/admin/configuration/policy.rst @@ -5,6 +5,14 @@ Policy configuration Configuration ~~~~~~~~~~~~~ +.. warning:: + + JSON formatted policy file is deprecated since Cloudkitty 14.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + The following is an overview of all available policies in Cloudkitty. For a sample configuration file, refer to :doc:`samples/policy-yaml`. diff --git a/doc/source/admin/install/install-source.rst b/doc/source/admin/install/install-source.rst index 8f684b6a..826806cf 100644 --- a/doc/source/admin/install/install-source.rst +++ b/doc/source/admin/install/install-source.rst @@ -24,7 +24,7 @@ Install sample configuration files:: mkdir /etc/cloudkitty tox -e genconfig cp etc/cloudkitty/cloudkitty.conf.sample /etc/cloudkitty/cloudkitty.conf - cp etc/cloudkitty/policy.json /etc/cloudkitty + cp etc/cloudkitty/policy.yaml /etc/cloudkitty cp etc/cloudkitty/api_paste.ini /etc/cloudkitty Create the log directory:: diff --git a/lower-constraints.txt b/lower-constraints.txt index d1dd8146..d40b5a17 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -18,9 +18,9 @@ oslo.i18n==5.0.1 # Apache-2.0 oslo.log==4.4.0 # Apache-2.0 oslo.messaging==12.6.0 # Apache-2.0 oslo.middleware==4.1.1 # Apache-2.0 -oslo.policy==3.5.0 # Apache-2.0 +oslo.policy==3.6.0 # Apache-2.0 oslo.utils==4.7.0 # Apache-2.0 -oslo.upgradecheck==1.2.0 # Apache-2.0 +oslo.upgradecheck==1.3.0 # Apache-2.0 python-dateutil==2.7.0 # BSD SQLAlchemy==1.3.20 # MIT six==1.15.0 # MIT diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml new file mode 100644 index 00000000..c9c53000 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-01ceb65712fd0a39.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 2fec85c5..aec4d481 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,9 +20,9 @@ oslo.i18n>=5.0.1 # Apache-2.0 oslo.log>=4.4.0 # Apache-2.0 oslo.messaging>=12.6.0 # Apache-2.0 oslo.middleware>=4.1.1 # Apache-2.0 -oslo.policy>=3.5.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 oslo.utils>=4.7.0 # Apache-2.0 -oslo.upgradecheck>=1.2.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 python-dateutil>=2.7.0 # BSD SQLAlchemy>=1.3.20 # MIT six>=1.15.0 # MIT diff --git a/setup.cfg b/setup.cfg index 9e66d4de..2c4a895f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -44,7 +44,7 @@ oslo.config.opts = cloudkitty.common.config = cloudkitty.common.config:list_opts oslo.config.opts.defaults = - cloudkitty.common.config = cloudkitty.common.defaults:set_cors_middleware_defaults + cloudkitty.common.config = cloudkitty.common.defaults:set_config_defaults cloudkitty.collector.backends = gnocchi = cloudkitty.collector.gnocchi:GnocchiCollector