From e02a4928176cb3816074d7f8a76d6024ce3acf56 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Sat, 12 Dec 2020 19:45:36 -0600 Subject: [PATCH] [goal] Deprecate the JSON formatted policy file As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I066488c47e1bb6502b27b8677988113f66b9b09b --- doc/README.rst | 2 +- etc/freezer/freezer-api.conf.sample | 2 +- freezer_api/cmd/status.py | 10 ++---- freezer_api/common/config.py | 18 ++++++++++- freezer_api/policy.py | 8 +++++ freezer_api/tests/unit/cmd/test_status.py | 31 ------------------- lower-constraints.txt | 18 +++++------ ...ormatted-policy-file-d703706239831caa.yaml | 20 ++++++++++++ requirements.txt | 8 ++--- setup.cfg | 2 ++ 10 files changed, 65 insertions(+), 54 deletions(-) delete mode 100644 freezer_api/tests/unit/cmd/test_status.py create mode 100644 releasenotes/notes/deprecate-json-formatted-policy-file-d703706239831caa.yaml diff --git a/doc/README.rst b/doc/README.rst index bf97d352..008ee691 100644 --- a/doc/README.rst +++ b/doc/README.rst @@ -46,7 +46,7 @@ edit config file # sudo mkdir -p /etc/freezer # sudo cp etc/freezer/freezer-api.conf.sample /etc/freezer/freezer-api.conf # sudo cp etc/freezer/freezer-paste.ini /etc/freezer/freezer-paste.ini - # sudo cp etc/freezer/policy.json /etc/freezer/policy.json + # sudo cp etc/freezer/policy.yaml /etc/freezer/policy.yaml # sudo vi /etc/freezer/freezer-api.conf # sudo vi /etc/freezer/freezer-paste.ini diff --git a/etc/freezer/freezer-api.conf.sample b/etc/freezer/freezer-api.conf.sample index f46812cd..fc7395d4 100644 --- a/etc/freezer/freezer-api.conf.sample +++ b/etc/freezer/freezer-api.conf.sample @@ -580,7 +580,7 @@ #enforce_scope = false # The file that defines policies. (string value) -#policy_file = policy.json +#policy_file = policy.yaml # Default rule. Enforced when a requested rule is not found. (string value) #policy_default_rule = default diff --git a/freezer_api/cmd/status.py b/freezer_api/cmd/status.py index 7326a23a..1d755d8f 100644 --- a/freezer_api/cmd/status.py +++ b/freezer_api/cmd/status.py @@ -15,6 +15,7 @@ import sys from oslo_config import cfg +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from freezer_api.common._i18n import _ @@ -26,11 +27,6 @@ class Checks(upgradecheck.UpgradeCommands): and added to _upgrade_checks tuple. """ - def _check_placeholder(self): - # This is just a placeholder for upgrade checks, it should be - # removed when the actual checks are added - return upgradecheck.Result(upgradecheck.Code.SUCCESS) - # The format of the check functions is to return an # oslo_upgradecheck.upgradecheck.Result # object with the appropriate @@ -39,8 +35,8 @@ class Checks(upgradecheck.UpgradeCommands): # in the returned Result's "details" attribute. The # summary will be rolled up at the end of the check() method. _upgrade_checks = ( - # In the future there should be some real checks added here - (_('Placeholder'), _check_placeholder), + (_("Policy File JSON to YAML Migration"), + (common_checks.check_policy_json, {'conf': cfg.CONF})), ) diff --git a/freezer_api/common/config.py b/freezer_api/common/config.py index e2c01152..5acc7b73 100644 --- a/freezer_api/common/config.py +++ b/freezer_api/common/config.py @@ -19,6 +19,7 @@ import os from keystonemiddleware import opts from oslo_config import cfg from oslo_log import log +from oslo_policy import opts as policy_opts from oslo_policy import policy from freezer_api import __version__ as FREEZER_API_VERSION @@ -106,13 +107,13 @@ def parse_args(args=[]): CONF.register_group(paste_grp) CONF.register_opts(paste_deploy, group=paste_grp) log.register_options(CONF) - policy.Enforcer(CONF) default_config_files = cfg.find_config_files('freezer', 'freezer-api') CONF(args=args, project='freezer-api', default_config_files=default_config_files, version=FREEZER_API_VERSION ) + policy.Enforcer(CONF) def setup_logging(): @@ -167,3 +168,18 @@ def list_opts(): # update the current list of opts with db backend drivers opts _OPTS.update({"storage": _DB_DRIVERS}) return _OPTS.items() + + +def set_lib_defaults(): + """Update default value for configuration options from other namespace. + + Example, oslo lib config options. This is needed for + config generator tool to pick these default value changes. + https://docs.openstack.org/oslo.config/latest/cli/ + generator.html#modifying-defaults-from-other-namespaces + """ + + # TODO(gmann): Remove setting the default value of config policy_file + # once oslo_policy change the default value to 'policy.yaml'. + # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 + policy_opts.set_defaults(CONF, 'policy.yaml') diff --git a/freezer_api/policy.py b/freezer_api/policy.py index 34af9cb8..ded6537a 100644 --- a/freezer_api/policy.py +++ b/freezer_api/policy.py @@ -16,11 +16,19 @@ limitations under the License. import functools +from oslo_config import cfg +from oslo_policy import opts from oslo_policy import policy from freezer_api.common import exceptions from freezer_api.common import policies +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) + ENFORCER = None diff --git a/freezer_api/tests/unit/cmd/test_status.py b/freezer_api/tests/unit/cmd/test_status.py deleted file mode 100644 index 2252fdf2..00000000 --- a/freezer_api/tests/unit/cmd/test_status.py +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) 2018 NEC, Corp. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import unittest - -from oslo_upgradecheck.upgradecheck import Code - -from freezer_api.cmd import status - - -class TestUpgradeChecks(unittest.TestCase): - - def setUp(self): - super(TestUpgradeChecks, self).setUp() - self.cmd = status.Checks() - - def test__check_placeholder(self): - check_result = self.cmd._check_placeholder() - self.assertEqual( - Code.SUCCESS, check_result.code) diff --git a/lower-constraints.txt b/lower-constraints.txt index 22714029..81c63bb7 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -31,16 +31,16 @@ netifaces==0.10.6 openstackdocstheme==1.31.2 os-api-ref==1.4.0 oslo.cache==1.29.0 -oslo.config==5.2.0 -oslo.context==2.19.2 +oslo.config==6.8.0 +oslo.context==2.22.0 oslo.db==4.44.0 oslo.i18n==3.15.3 oslo.log==3.36.0 oslo.middleware==3.31.0 -oslo.policy==1.30.0 +oslo.policy==3.6.0 oslo.serialization==2.25.0 -oslo.upgradecheck==0.1.0 -oslo.utils==3.36.0 +oslo.upgradecheck==1.3.0 +oslo.utils==4.5.0 oslotest==3.3.0 Paste==2.0.2 PasteDeploy==1.5.0 @@ -57,10 +57,10 @@ python-keystoneclient==3.15.0 python-mimeparse==1.6.0 python-subunit==1.2.0 pytz==2018.3 -PyYAML==3.13 +PyYAML==5.1 reno==2.5.0 -requests==2.18.4 -rfc3986==1.1.0 +requests==2.23.0 +rfc3986==1.2.0 snowballstemmer==1.2.1 Sphinx==1.8.0 sphinxcontrib-websupport==1.0.1 @@ -79,4 +79,4 @@ traceback2==1.4.0 unittest2==1.1.0 urllib3==1.22 WebOb==1.7.4 -wrapt==1.10.11 +wrapt==1.11.0 diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-d703706239831caa.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-d703706239831caa.yaml new file mode 100644 index 00000000..c9c53000 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-d703706239831caa.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 713ff3d0..308d4454 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,12 +7,12 @@ jsonschema>=3.2.0 # MIT keystonemiddleware>=4.17.0 # Apache-2.0 Paste>=2.0.2 # MIT PasteDeploy>=1.5.0 # MIT -oslo.config>=5.2.0 # Apache-2.0 -oslo.context>=2.19.2 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 +oslo.context>=2.22.0 # Apache-2.0 oslo.db>=4.44.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 oslo.log>=3.36.0 # Apache-2.0 oslo.middleware>=3.31.0 # Apache-2.0 -oslo.policy>=1.30.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 oslo.serialization>=2.25.0 # Apache-2.0 -oslo.upgradecheck>=0.1.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 diff --git a/setup.cfg b/setup.cfg index 02f1436b..5fee6ea4 100644 --- a/setup.cfg +++ b/setup.cfg @@ -40,6 +40,8 @@ packages = [entry_points] oslo.config.opts = freezer-api = freezer_api.common.config:list_opts +oslo.config.opts.defaults = + freezer-api = freezer_api.common.config:set_lib_defaults oslo.policy.policies = freezer-api = freezer_api.common.policies:list_rules console_scripts =