[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I066488c47e1bb6502b27b8677988113f66b9b09b
2020-12-12 19:45:36 -06:00 · 2020-12-12 19:45:36 -06:00 · e02a492817
parent d971f29f28
commit e02a492817
10 changed files with 65 additions and 54 deletions
--- a/doc/README.rst
+++ b/doc/README.rst
@ -46,7 +46,7 @@ edit config file
  # sudo mkdir -p /etc/freezer
  # sudo cp etc/freezer/freezer-api.conf.sample /etc/freezer/freezer-api.conf
  # sudo cp etc/freezer/freezer-paste.ini /etc/freezer/freezer-paste.ini
-  # sudo cp etc/freezer/policy.json /etc/freezer/policy.json
+  # sudo cp etc/freezer/policy.yaml /etc/freezer/policy.yaml
  # sudo vi /etc/freezer/freezer-api.conf
  # sudo vi /etc/freezer/freezer-paste.ini

--- a/etc/freezer/freezer-api.conf.sample
+++ b/etc/freezer/freezer-api.conf.sample
@ -580,7 +580,7 @@
 #enforce_scope = false

 # The file that defines policies. (string value)
-#policy_file = policy.json
+#policy_file = policy.yaml

 # Default rule. Enforced when a requested rule is not found. (string value)
 #policy_default_rule = default
--- a/freezer_api/cmd/status.py
+++ b/freezer_api/cmd/status.py
@ -15,6 +15,7 @@
 import sys

 from oslo_config import cfg
+from oslo_upgradecheck import common_checks
 from oslo_upgradecheck import upgradecheck

 from freezer_api.common._i18n import _
@ -26,11 +27,6 @@ class Checks(upgradecheck.UpgradeCommands):
    and added to _upgrade_checks tuple.
    """

-    def _check_placeholder(self):
-        # This is just a placeholder for upgrade checks, it should be
-        # removed when the actual checks are added
-        return upgradecheck.Result(upgradecheck.Code.SUCCESS)
-
    # The format of the check functions is to return an
    # oslo_upgradecheck.upgradecheck.Result
    # object with the appropriate
@ -39,8 +35,8 @@ class Checks(upgradecheck.UpgradeCommands):
    # in the returned Result's "details" attribute. The
    # summary will be rolled up at the end of the check() method.
    _upgrade_checks = (
-        # In the future there should be some real checks added here
-        (_('Placeholder'), _check_placeholder),
+        (_("Policy File JSON to YAML Migration"),
+         (common_checks.check_policy_json, {'conf': cfg.CONF})),
    )


--- a/freezer_api/common/config.py
+++ b/freezer_api/common/config.py
@ -19,6 +19,7 @@ import os
 from keystonemiddleware import opts
 from oslo_config import cfg
 from oslo_log import log
+from oslo_policy import opts as policy_opts
 from oslo_policy import policy

 from freezer_api import __version__ as FREEZER_API_VERSION
@ -106,13 +107,13 @@ def parse_args(args=[]):
    CONF.register_group(paste_grp)
    CONF.register_opts(paste_deploy, group=paste_grp)
    log.register_options(CONF)
-    policy.Enforcer(CONF)
    default_config_files = cfg.find_config_files('freezer', 'freezer-api')
    CONF(args=args,
         project='freezer-api',
         default_config_files=default_config_files,
         version=FREEZER_API_VERSION
         )
+    policy.Enforcer(CONF)


 def setup_logging():
@ -167,3 +168,18 @@ def list_opts():
    # update the current list of opts with db backend drivers opts
    _OPTS.update({"storage": _DB_DRIVERS})
    return _OPTS.items()
+
+
+def set_lib_defaults():
+    """Update default value for configuration options from other namespace.
+
+    Example, oslo lib config options. This is needed for
+    config generator tool to pick these default value changes.
+    https://docs.openstack.org/oslo.config/latest/cli/
+    generator.html#modifying-defaults-from-other-namespaces
+    """
+
+    # TODO(gmann): Remove setting the default value of config policy_file
+    # once oslo_policy change the default value to 'policy.yaml'.
+    # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+    policy_opts.set_defaults(CONF, 'policy.yaml')
--- a/freezer_api/policy.py
+++ b/freezer_api/policy.py
@ -16,11 +16,19 @@ limitations under the License.

 import functools

+from oslo_config import cfg
+from oslo_policy import opts
 from oslo_policy import policy

 from freezer_api.common import exceptions
 from freezer_api.common import policies

+# TODO(gmann): Remove setting the default value of config policy_file
+# once oslo_policy change the default value to 'policy.yaml'.
+# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+DEFAULT_POLICY_FILE = 'policy.yaml'
+opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
+
 ENFORCER = None


--- a/freezer_api/tests/unit/cmd/test_status.py
+++ b/freezer_api/tests/unit/cmd/test_status.py
@ -1,31 +0,0 @@
-# Copyright (c) 2018 NEC, Corp.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import unittest
-
-from oslo_upgradecheck.upgradecheck import Code
-
-from freezer_api.cmd import status
-
-
-class TestUpgradeChecks(unittest.TestCase):
-
-    def setUp(self):
-        super(TestUpgradeChecks, self).setUp()
-        self.cmd = status.Checks()
-
-    def test__check_placeholder(self):
-        check_result = self.cmd._check_placeholder()
-        self.assertEqual(
-            Code.SUCCESS, check_result.code)
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -31,16 +31,16 @@ netifaces==0.10.6
 openstackdocstheme==1.31.2
 os-api-ref==1.4.0
 oslo.cache==1.29.0
-oslo.config==5.2.0
-oslo.context==2.19.2
+oslo.config==6.8.0
+oslo.context==2.22.0
 oslo.db==4.44.0
 oslo.i18n==3.15.3
 oslo.log==3.36.0
 oslo.middleware==3.31.0
-oslo.policy==1.30.0
+oslo.policy==3.6.0
 oslo.serialization==2.25.0
-oslo.upgradecheck==0.1.0
-oslo.utils==3.36.0
+oslo.upgradecheck==1.3.0
+oslo.utils==4.5.0
 oslotest==3.3.0
 Paste==2.0.2
 PasteDeploy==1.5.0
@ -57,10 +57,10 @@ python-keystoneclient==3.15.0
 python-mimeparse==1.6.0
 python-subunit==1.2.0
 pytz==2018.3
-PyYAML==3.13
+PyYAML==5.1
 reno==2.5.0
-requests==2.18.4
-rfc3986==1.1.0
+requests==2.23.0
+rfc3986==1.2.0
 snowballstemmer==1.2.1
 Sphinx==1.8.0
 sphinxcontrib-websupport==1.0.1
@ -79,4 +79,4 @@ traceback2==1.4.0
 unittest2==1.1.0
 urllib3==1.22
 WebOb==1.7.4
-wrapt==1.10.11
+wrapt==1.11.0
--- a/releasenotes/notes/deprecate-json-formatted-policy-file-d703706239831caa.yaml
+++ b/releasenotes/notes/deprecate-json-formatted-policy-file-d703706239831caa.yaml
@ -0,0 +1,20 @@
+---
+upgrade:
+  - |
+    The default value of ``[oslo_policy] policy_file`` config option has
+    been changed from ``policy.json`` to ``policy.yaml``.
+    Operators who are utilizing customized or previously generated
+    static policy JSON files (which are not needed by default), should
+    generate new policy files or convert them in YAML format. Use the
+    `oslopolicy-convert-json-to-yaml
+    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
+    tool to convert a JSON to YAML formatted policy file in
+    backward compatible way.
+deprecations:
+  - |
+    Use of JSON policy files was deprecated by the ``oslo.policy`` library
+    during the Victoria development cycle. As a result, this deprecation is
+    being noted in the Wallaby cycle with an anticipated future removal of support
+    by ``oslo.policy``. As such operators will need to convert to YAML policy
+    files. Please see the upgrade notes for details on migration of any
+    custom policy files.
--- a/requirements.txt
+++ b/requirements.txt
@ -7,12 +7,12 @@ jsonschema>=3.2.0 # MIT
 keystonemiddleware>=4.17.0 # Apache-2.0
 Paste>=2.0.2 # MIT
 PasteDeploy>=1.5.0 # MIT
-oslo.config>=5.2.0 # Apache-2.0
-oslo.context>=2.19.2 # Apache-2.0
+oslo.config>=6.8.0 # Apache-2.0
+oslo.context>=2.22.0 # Apache-2.0
 oslo.db>=4.44.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0
 oslo.log>=3.36.0 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
-oslo.policy>=1.30.0 # Apache-2.0
+oslo.policy>=3.6.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0
-oslo.upgradecheck>=0.1.0 # Apache-2.0
+oslo.upgradecheck>=1.3.0 # Apache-2.0
--- a/setup.cfg
+++ b/setup.cfg
@ -40,6 +40,8 @@ packages =
 [entry_points]
 oslo.config.opts =
    freezer-api = freezer_api.common.config:list_opts
+oslo.config.opts.defaults =
+    freezer-api = freezer_api.common.config:set_lib_defaults
 oslo.policy.policies =
    freezer-api = freezer_api.common.policies:list_rules
 console_scripts =