[goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file format from JSON to YAML[1], we need to do two things:

1. Change the default value of the '[oslo_policy] policy_file' config option from 'policy.json' to 'policy.yaml' with upgrade checks.
2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes.

Also convert the ./glance/tests/etc/policy.json to policy.yaml file. Replace policy.json to policy.yaml ref from doc and tests.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Depends-On: https://review.opendev.org/c/openstack/nova/+/773192
Change-Id: I17d0374dd4223688e5f95253802a4ae87377953a
parent cbc8519554
commit c107629f90
|
@ -437,7 +437,7 @@ this plugin to inject the properties automatically upon image import.
|
||||||
|
|
||||||
You can guarantee that your end users must use interoperable image import by
|
You can guarantee that your end users must use interoperable image import by
|
||||||
restricting the ``upload_image`` policy appropriately in the Glance
|
restricting the ``upload_image`` policy appropriately in the Glance
|
||||||
``policy.json`` file. By default, this policy is unrestricted (that is,
|
``policy.yaml`` file. By default, this policy is unrestricted (that is,
|
||||||
any authorized user may make the image upload call).
|
any authorized user may make the image upload call).
|
||||||
|
|
||||||
For example, to allow only admin or service users to make the image upload
|
For example, to allow only admin or service users to make the image upload
|
||||||
|
@ -534,7 +534,7 @@ converting the images to their end users.
|
||||||
|
|
||||||
You can guarantee that your end users must use interoperable image import by
|
You can guarantee that your end users must use interoperable image import by
|
||||||
restricting the ``upload_image`` policy appropriately in the Glance
|
restricting the ``upload_image`` policy appropriately in the Glance
|
||||||
``policy.json`` file. By default, this policy is unrestricted (that is,
|
``policy.yaml`` file. By default, this policy is unrestricted (that is,
|
||||||
any authorized user may make the image upload call).
|
any authorized user may make the image upload call).
|
||||||
|
|
||||||
For example, to allow only admin or service users to make the image upload
|
For example, to allow only admin or service users to make the image upload
|
||||||
|
@ -612,7 +612,7 @@ only compressed images.
|
||||||
|
|
||||||
You can guarantee that your end users must use interoperable image import by
|
You can guarantee that your end users must use interoperable image import by
|
||||||
restricting the ``upload_image`` policy appropriately in the Glance
|
restricting the ``upload_image`` policy appropriately in the Glance
|
||||||
``policy.json`` file. By default, this policy is unrestricted (that is,
|
``policy.yaml`` file. By default, this policy is unrestricted (that is,
|
||||||
any authorized user may make the image upload call).
|
any authorized user may make the image upload call).
|
||||||
|
|
||||||
For example, to allow only admin or service users to make the image upload
|
For example, to allow only admin or service users to make the image upload
|
||||||
|
|
|
@ -17,6 +17,14 @@
|
||||||
Policies
|
Policies
|
||||||
========
|
========
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
JSON formatted policy file is deprecated since Glance 22.0.0 (Wallaby).
|
||||||
|
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||||
|
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||||
|
|
||||||
|
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||||
|
|
||||||
Glance's public API calls may be restricted to certain sets of users using a
|
Glance's public API calls may be restricted to certain sets of users using a
|
||||||
policy configuration file. This document explains exactly how policies are
|
policy configuration file. This document explains exactly how policies are
|
||||||
configured and what they apply to.
|
configured and what they apply to.
|
||||||
|
|
|
@ -142,10 +142,10 @@ core properties and the image owner can manage additional properties.
|
||||||
|
|
||||||
**To configure property protection**
|
**To configure property protection**
|
||||||
|
|
||||||
To configure property protection, edit the ``policy.json`` file. This file
|
To configure property protection, edit the ``policy.yaml`` file. This file
|
||||||
can also be used to set policies for Image service actions.
|
can also be used to set policies for Image service actions.
|
||||||
|
|
||||||
#. Define roles or policies in the ``policy.json`` file:
|
#. Define roles or policies in the ``policy.yaml`` file:
|
||||||
|
|
||||||
.. code-block:: json
|
.. code-block:: json
|
||||||
|
|
||||||
|
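Review bot: The `.. code-block:: json` directive at the end of this hunk is left unchanged while the step above it now tells the reader to define roles or policies in ``policy.yaml``. Either switch the directive to `yaml` and convert the sample that follows it, or state explicitly that the sample is still shown in JSON, so the page does not keep demonstrating the format this change deprecates.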
@ -376,7 +376,7 @@ For a list of flavors that are available on your system, run:
|
||||||
|
|
||||||
By default, administrative users can configure the flavors. You can
|
By default, administrative users can configure the flavors. You can
|
||||||
change this behavior by redefining the access controls for
|
change this behavior by redefining the access controls for
|
||||||
``compute_extension:flavormanage`` in ``/etc/nova/policy.json`` on the
|
``compute_extension:flavormanage`` in ``/etc/nova/policy.yaml`` on the
|
||||||
``compute-api`` server.
|
``compute-api`` server.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -107,7 +107,7 @@ Policy
|
||||||
The fourth layer of the domain model is responsible for:
|
The fourth layer of the domain model is responsible for:
|
||||||
|
|
||||||
#. Defining access rules to perform actions with an image. The rules are
|
#. Defining access rules to perform actions with an image. The rules are
|
||||||
defined in the :file:`etc/policy.json` file.
|
defined in the :file:`etc/policy.yaml` file.
|
||||||
#. Monitoring of the rules implementation.
|
#. Monitoring of the rules implementation.
|
||||||
|
|
||||||
.. _quota:
|
.. _quota:
|
||||||
|
|
|
@ -21,6 +21,7 @@ import copy
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
from oslo_policy import opts
|
||||||
from oslo_policy import policy
|
from oslo_policy import policy
|
||||||
|
|
||||||
from glance.common import exception
|
from glance.common import exception
|
||||||
|
@ -34,6 +35,13 @@ CONF = cfg.CONF
|
||||||
_ENFORCER = None
|
_ENFORCER = None
|
||||||
|
|
||||||
|
|
||||||
|
# TODO(gmann): Remove setting the default value of config policy_file
|
||||||
|
# once oslo_policy change the default value to 'policy.yaml'.
|
||||||
|
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||||
|
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||||
|
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
|
||||||
|
|
||||||
|
|
||||||
class Enforcer(policy.Enforcer):
|
class Enforcer(policy.Enforcer):
|
||||||
"""Responsible for loading and enforcing rules"""
|
"""Responsible for loading and enforcing rules"""
|
||||||
|
|
||||||
|
|
|
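Review bot: `DEFAULT_POLICY_FILE = 'policy.yaml'` and `opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)` are added here at module level, so the default changes as an import side effect, and the same TODO, constant and call are repeated in the `set_config_defaults()` hunk. Define the constant once and have a single place call `opts.set_defaults`, or add a comment explaining why both call sites are needed, so the two copies cannot drift when the TODO is resolved.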
@ -16,6 +16,7 @@ import sys
|
||||||
|
|
||||||
import glance_store
|
import glance_store
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
from oslo_upgradecheck import common_checks
|
||||||
from oslo_upgradecheck import upgradecheck
|
from oslo_upgradecheck import upgradecheck
|
||||||
|
|
||||||
from glance.common import wsgi # noqa
|
from glance.common import wsgi # noqa
|
||||||
|
@ -50,6 +51,9 @@ class Checks(upgradecheck.UpgradeCommands):
|
||||||
_upgrade_checks = (
|
_upgrade_checks = (
|
||||||
# Added in Ussuri
|
# Added in Ussuri
|
||||||
('Sheepdog Driver Removal', _check_sheepdog_store),
|
('Sheepdog Driver Removal', _check_sheepdog_store),
|
||||||
|
# Added in Wallaby
|
||||||
|
('Policy File JSON to YAML Migration',
|
||||||
|
(common_checks.check_policy_json, {'conf': CONF})),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
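Review bot: The new `_upgrade_checks` entry passes only `{'conf': CONF}` to `common_checks.check_policy_json`, and nothing in this hunk shows the `'policy.yaml'` default being applied before the check runs. Please confirm that the status command sees the same `[oslo_policy] policy_file` default that the service gets from `opts.set_defaults`, and add a test that exercises this entry with a JSON policy file present, since no test for it is visible in this change.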
@ -23,6 +23,7 @@ import sys
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_middleware import cors
|
from oslo_middleware import cors
|
||||||
|
from oslo_policy import opts
|
||||||
from oslo_policy import policy
|
from oslo_policy import policy
|
||||||
from paste import deploy
|
from paste import deploy
|
||||||
|
|
||||||
|
@ -349,7 +350,7 @@ Related options:
|
||||||
* location_strategy
|
* location_strategy
|
||||||
|
|
||||||
""")),
|
""")),
|
||||||
# NOTE(flaper87): The policy.json file should be updated and the locaiton
|
# NOTE(flaper87): The policy.yaml file should be updated and the locaiton
|
||||||
# related rules set to admin only once this option is finally removed.
|
# related rules set to admin only once this option is finally removed.
|
||||||
# NOTE(rosmaita): Unfortunately, this option is used to gate some code
|
# NOTE(rosmaita): Unfortunately, this option is used to gate some code
|
||||||
# paths; if the location related policies are set admin-only, then no
|
# paths; if the location related policies are set admin-only, then no
|
||||||
|
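Review bot: The rewritten `NOTE(flaper87)` line still carries the typo `locaiton`; since the line is being touched anyway, correct it to `location`.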
@ -698,6 +699,12 @@ def set_config_defaults():
|
||||||
"""This method updates all configuration default values."""
|
"""This method updates all configuration default values."""
|
||||||
set_cors_middleware_defaults()
|
set_cors_middleware_defaults()
|
||||||
|
|
||||||
|
# TODO(gmann): Remove setting the default value of config policy_file
|
||||||
|
# once oslo_policy change the default value to 'policy.yaml'.
|
||||||
|
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||||
|
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||||
|
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
|
||||||
|
|
||||||
|
|
||||||
def set_cors_middleware_defaults():
|
def set_cors_middleware_defaults():
|
||||||
"""Update default configuration options for oslo.middleware."""
|
"""Update default configuration options for oslo.middleware."""
|
||||||
|
|
|
@ -72,7 +72,7 @@ If the value is ``roles``, the property protection file must
|
||||||
contain a comma separated list of user roles indicating
|
contain a comma separated list of user roles indicating
|
||||||
permissions for each of the CRUD operations on each property
|
permissions for each of the CRUD operations on each property
|
||||||
being protected. If set to ``policies``, a policy defined in
|
being protected. If set to ``policies``, a policy defined in
|
||||||
policy.json is used to express property protections for each
|
policy.yaml is used to express property protections for each
|
||||||
of the CRUD operations. Examples of how property protections
|
of the CRUD operations. Examples of how property protections
|
||||||
are enforced based on ``roles`` or ``policies`` can be found at:
|
are enforced based on ``roles`` or ``policies`` can be found at:
|
||||||
https://docs.openstack.org/glance/latest/admin/property-protections.html#examples
|
https://docs.openstack.org/glance/latest/admin/property-protections.html#examples
|
||||||
|
@ -196,7 +196,7 @@ class PropertyRules(object):
|
||||||
create = glance_creator
|
create = glance_creator
|
||||||
then the corresponding policy rule would be:
|
then the corresponding policy rule would be:
|
||||||
"prop_a:create": "rule:glance_creator"
|
"prop_a:create": "rule:glance_creator"
|
||||||
where glance_creator is defined in policy.json. For example:
|
where glance_creator is defined in policy.yaml. For example:
|
||||||
"glance_creator": "role:admin or role:glance_create_user"
|
"glance_creator": "role:admin or role:glance_create_user"
|
||||||
"""
|
"""
|
||||||
rule = "rule:%s" % rule
|
rule = "rule:%s" % rule
|
||||||
|
|
|
@ -1,67 +0,0 @@
|
||||||
{
|
|
||||||
"context_is_admin": "role:admin",
|
|
||||||
"default": "",
|
|
||||||
"glance_creator": "role:admin or role:spl_role",
|
|
||||||
|
|
||||||
"add_image": "",
|
|
||||||
"delete_image": "",
|
|
||||||
"get_image": "",
|
|
||||||
"get_images": "",
|
|
||||||
"modify_image": "",
|
|
||||||
"publicize_image": "",
|
|
||||||
"communitize_image": "",
|
|
||||||
|
|
||||||
"download_image": "",
|
|
||||||
"upload_image": "",
|
|
||||||
|
|
||||||
"delete_image_location": "",
|
|
||||||
"get_image_location": "",
|
|
||||||
"set_image_location": "",
|
|
||||||
|
|
||||||
"add_member": "",
|
|
||||||
"delete_member": "",
|
|
||||||
"get_member": "",
|
|
||||||
"get_members": "",
|
|
||||||
"modify_member": "",
|
|
||||||
|
|
||||||
"manage_image_cache": "",
|
|
||||||
|
|
||||||
"get_task": "role:admin",
|
|
||||||
"get_tasks": "role:admin",
|
|
||||||
"add_task": "role:admin",
|
|
||||||
"modify_task": "role:admin",
|
|
||||||
|
|
||||||
"get_metadef_namespace": "",
|
|
||||||
"get_metadef_namespaces":"",
|
|
||||||
"modify_metadef_namespace":"",
|
|
||||||
"add_metadef_namespace":"",
|
|
||||||
"delete_metadef_namespace": "",
|
|
||||||
|
|
||||||
"get_metadef_object":"",
|
|
||||||
"get_metadef_objects":"",
|
|
||||||
"modify_metadef_object":"",
|
|
||||||
"add_metadef_object":"",
|
|
||||||
"delete_metadef_object": "",
|
|
||||||
|
|
||||||
"list_metadef_resource_types":"",
|
|
||||||
"get_metadef_resource_type":"",
|
|
||||||
"add_metadef_resource_type_association":"",
|
|
||||||
"remove_metadef_resource_type_association": "",
|
|
||||||
|
|
||||||
"get_metadef_property":"",
|
|
||||||
"get_metadef_properties":"",
|
|
||||||
"modify_metadef_property":"",
|
|
||||||
"add_metadef_property":"",
|
|
||||||
"remove_metadef_property": "",
|
|
||||||
|
|
||||||
"get_metadef_tag":"",
|
|
||||||
"get_metadef_tags":"",
|
|
||||||
"modify_metadef_tag":"",
|
|
||||||
"add_metadef_tag":"",
|
|
||||||
"add_metadef_tags":"",
|
|
||||||
"delete_metadef_tag": "",
|
|
||||||
"delete_metadef_tags": "",
|
|
||||||
|
|
||||||
"deactivate": "",
|
|
||||||
"reactivate": ""
|
|
||||||
}
|
|
|
@ -0,0 +1,161 @@
|
||||||
|
# Defines the default rule used for policies that historically had an
|
||||||
|
# empty policy in the supplied policy.yaml file.
|
||||||
|
#"default": ""
|
||||||
|
|
||||||
|
# Defines the rule for the is_admin:True check.
|
||||||
|
#"context_is_admin": "role:admin"
|
||||||
|
|
||||||
|
# add_image
|
||||||
|
"add_image": ""
|
||||||
|
|
||||||
|
# delete_image
|
||||||
|
"delete_image": ""
|
||||||
|
|
||||||
|
# get_image
|
||||||
|
"get_image": ""
|
||||||
|
|
||||||
|
# get_images
|
||||||
|
"get_images": ""
|
||||||
|
|
||||||
|
# modify_image
|
||||||
|
"modify_image": ""
|
||||||
|
|
||||||
|
# publicize_image
|
||||||
|
"publicize_image": ""
|
||||||
|
|
||||||
|
# communitize_image
|
||||||
|
"communitize_image": ""
|
||||||
|
|
||||||
|
# download_image
|
||||||
|
"download_image": ""
|
||||||
|
|
||||||
|
# upload_image
|
||||||
|
"upload_image": ""
|
||||||
|
|
||||||
|
# delete_image_location
|
||||||
|
"delete_image_location": ""
|
||||||
|
|
||||||
|
# get_image_location
|
||||||
|
"get_image_location": ""
|
||||||
|
|
||||||
|
# set_image_location
|
||||||
|
"set_image_location": ""
|
||||||
|
|
||||||
|
# add_member
|
||||||
|
"add_member": ""
|
||||||
|
|
||||||
|
# delete_member
|
||||||
|
"delete_member": ""
|
||||||
|
|
||||||
|
# get_member
|
||||||
|
"get_member": ""
|
||||||
|
|
||||||
|
# get_members
|
||||||
|
"get_members": ""
|
||||||
|
|
||||||
|
# modify_member
|
||||||
|
"modify_member": ""
|
||||||
|
|
||||||
|
# manage_image_cache
|
||||||
|
"manage_image_cache": ""
|
||||||
|
|
||||||
|
# deactivate
|
||||||
|
"deactivate": ""
|
||||||
|
|
||||||
|
# reactivate
|
||||||
|
"reactivate": ""
|
||||||
|
|
||||||
|
# get_task
|
||||||
|
"get_task": "role:admin"
|
||||||
|
|
||||||
|
# get_tasks
|
||||||
|
"get_tasks": "role:admin"
|
||||||
|
|
||||||
|
# add_task
|
||||||
|
"add_task": "role:admin"
|
||||||
|
|
||||||
|
# modify_task
|
||||||
|
"modify_task": "role:admin"
|
||||||
|
|
||||||
|
# get_metadef_namespace
|
||||||
|
"get_metadef_namespace": ""
|
||||||
|
|
||||||
|
# get_metadef_namespaces
|
||||||
|
"get_metadef_namespaces": ""
|
||||||
|
|
||||||
|
# modify_metadef_namespace
|
||||||
|
"modify_metadef_namespace": ""
|
||||||
|
|
||||||
|
# add_metadef_namespace
|
||||||
|
"add_metadef_namespace": ""
|
||||||
|
|
||||||
|
# delete_metadef_namespace
|
||||||
|
"delete_metadef_namespace": ""
|
||||||
|
|
||||||
|
# get_metadef_object
|
||||||
|
"get_metadef_object": ""
|
||||||
|
|
||||||
|
# get_metadef_objects
|
||||||
|
"get_metadef_objects": ""
|
||||||
|
|
||||||
|
# modify_metadef_object
|
||||||
|
"modify_metadef_object": ""
|
||||||
|
|
||||||
|
# add_metadef_object
|
||||||
|
"add_metadef_object": ""
|
||||||
|
|
||||||
|
# delete_metadef_object
|
||||||
|
"delete_metadef_object": ""
|
||||||
|
|
||||||
|
# list_metadef_resource_types
|
||||||
|
"list_metadef_resource_types": ""
|
||||||
|
|
||||||
|
# get_metadef_resource_type
|
||||||
|
"get_metadef_resource_type": ""
|
||||||
|
|
||||||
|
# add_metadef_resource_type_association
|
||||||
|
"add_metadef_resource_type_association": ""
|
||||||
|
|
||||||
|
# remove_metadef_resource_type_association
|
||||||
|
"remove_metadef_resource_type_association": ""
|
||||||
|
|
||||||
|
# get_metadef_property
|
||||||
|
"get_metadef_property": ""
|
||||||
|
|
||||||
|
# get_metadef_properties
|
||||||
|
"get_metadef_properties": ""
|
||||||
|
|
||||||
|
# modify_metadef_property
|
||||||
|
"modify_metadef_property": ""
|
||||||
|
|
||||||
|
# add_metadef_property
|
||||||
|
"add_metadef_property": ""
|
||||||
|
|
||||||
|
# remove_metadef_property
|
||||||
|
"remove_metadef_property": ""
|
||||||
|
|
||||||
|
# get_metadef_tag
|
||||||
|
"get_metadef_tag": ""
|
||||||
|
|
||||||
|
# get_metadef_tags
|
||||||
|
"get_metadef_tags": ""
|
||||||
|
|
||||||
|
# modify_metadef_tag
|
||||||
|
"modify_metadef_tag": ""
|
||||||
|
|
||||||
|
# add_metadef_tag
|
||||||
|
"add_metadef_tag": ""
|
||||||
|
|
||||||
|
# add_metadef_tags
|
||||||
|
"add_metadef_tags": ""
|
||||||
|
|
||||||
|
# delete_metadef_tag
|
||||||
|
"delete_metadef_tag": ""
|
||||||
|
|
||||||
|
# delete_metadef_tags
|
||||||
|
"delete_metadef_tags": ""
|
||||||
|
|
||||||
|
# WARNING: Below rules are either deprecated rules
|
||||||
|
# or extra rules in policy file, it is strongly
|
||||||
|
# recommended to switch to new rules.
|
||||||
|
"glance_creator": "role:admin or role:spl_role"
|
|
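Review bot: `"default"` and `"context_is_admin"` are commented out at the top of the new file, whereas the deleted policy.json set both explicitly, so the test suite now depends on the in-code defaults matching `""` and `"role:admin"`. If that is intentional, say so in the commit message; otherwise keep them as active entries. The trailing WARNING comment also labels `"glance_creator"` as a deprecated or extra rule, yet it was a rule in the deleted policy.json and is the rule name used in the property-protection docstring example in this change; a short comment saying why it is kept would stop someone deleting it later.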
@ -804,7 +804,7 @@ class FunctionalTest(test_utils.BaseTestCase):
|
||||||
conf_dir = os.path.join(self.test_dir, 'etc')
|
conf_dir = os.path.join(self.test_dir, 'etc')
|
||||||
utils.safe_mkdirs(conf_dir)
|
utils.safe_mkdirs(conf_dir)
|
||||||
self.copy_data_file('schema-image.json', conf_dir)
|
self.copy_data_file('schema-image.json', conf_dir)
|
||||||
self.copy_data_file('policy.json', conf_dir)
|
self.copy_data_file('policy.yaml', conf_dir)
|
||||||
self.copy_data_file('property-protections.conf', conf_dir)
|
self.copy_data_file('property-protections.conf', conf_dir)
|
||||||
self.copy_data_file('property-protections-policies.conf', conf_dir)
|
self.copy_data_file('property-protections-policies.conf', conf_dir)
|
||||||
self.property_file_roles = os.path.join(conf_dir,
|
self.property_file_roles = os.path.join(conf_dir,
|
||||||
|
@ -812,7 +812,7 @@ class FunctionalTest(test_utils.BaseTestCase):
|
||||||
property_policies = 'property-protections-policies.conf'
|
property_policies = 'property-protections-policies.conf'
|
||||||
self.property_file_policies = os.path.join(conf_dir,
|
self.property_file_policies = os.path.join(conf_dir,
|
||||||
property_policies)
|
property_policies)
|
||||||
self.policy_file = os.path.join(conf_dir, 'policy.json')
|
self.policy_file = os.path.join(conf_dir, 'policy.yaml')
|
||||||
|
|
||||||
self.api_server = ApiServer(self.test_dir,
|
self.api_server = ApiServer(self.test_dir,
|
||||||
self.api_port,
|
self.api_port,
|
||||||
|
@ -1153,7 +1153,7 @@ class MultipleBackendFunctionalTest(test_utils.BaseTestCase):
|
||||||
conf_dir = os.path.join(self.test_dir, 'etc')
|
conf_dir = os.path.join(self.test_dir, 'etc')
|
||||||
utils.safe_mkdirs(conf_dir)
|
utils.safe_mkdirs(conf_dir)
|
||||||
self.copy_data_file('schema-image.json', conf_dir)
|
self.copy_data_file('schema-image.json', conf_dir)
|
||||||
self.copy_data_file('policy.json', conf_dir)
|
self.copy_data_file('policy.yaml', conf_dir)
|
||||||
self.copy_data_file('property-protections.conf', conf_dir)
|
self.copy_data_file('property-protections.conf', conf_dir)
|
||||||
self.copy_data_file('property-protections-policies.conf', conf_dir)
|
self.copy_data_file('property-protections-policies.conf', conf_dir)
|
||||||
self.property_file_roles = os.path.join(conf_dir,
|
self.property_file_roles = os.path.join(conf_dir,
|
||||||
|
@ -1161,7 +1161,7 @@ class MultipleBackendFunctionalTest(test_utils.BaseTestCase):
|
||||||
property_policies = 'property-protections-policies.conf'
|
property_policies = 'property-protections-policies.conf'
|
||||||
self.property_file_policies = os.path.join(conf_dir,
|
self.property_file_policies = os.path.join(conf_dir,
|
||||||
property_policies)
|
property_policies)
|
||||||
self.policy_file = os.path.join(conf_dir, 'policy.json')
|
self.policy_file = os.path.join(conf_dir, 'policy.yaml')
|
||||||
|
|
||||||
self.api_server_multiple_backend = ApiServerForMultipleBackend(
|
self.api_server_multiple_backend = ApiServerForMultipleBackend(
|
||||||
self.test_dir, self.api_port, self.policy_file, sock=api_sock)
|
self.test_dir, self.api_port, self.policy_file, sock=api_sock)
|
||||||
|
|
|
@ -95,7 +95,7 @@ class BaseTestCase(testtools.TestCase):
|
||||||
self.useFixture(glance_fixtures.StandardLogging())
|
self.useFixture(glance_fixtures.StandardLogging())
|
||||||
|
|
||||||
def set_policy(self):
|
def set_policy(self):
|
||||||
conf_file = "policy.json"
|
conf_file = "policy.yaml"
|
||||||
self.policy_file = self._copy_data_file(conf_file, self.conf_dir)
|
self.policy_file = self._copy_data_file(conf_file, self.conf_dir)
|
||||||
self.config(policy_file=self.policy_file, group='oslo_policy')
|
self.config(policy_file=self.policy_file, group='oslo_policy')
|
||||||
|
|
||||||
|
|
|
@ -57,18 +57,18 @@ networkx==2.2
|
||||||
os-client-config==1.29.0
|
os-client-config==1.29.0
|
||||||
os-win==4.0.1
|
os-win==4.0.1
|
||||||
oslo.concurrency==3.26.0
|
oslo.concurrency==3.26.0
|
||||||
oslo.config==5.2.0
|
oslo.config==6.0.0
|
||||||
oslo.context==2.22.0
|
oslo.context==2.22.0
|
||||||
oslo.db==5.0.0
|
oslo.db==5.0.0
|
||||||
oslo.i18n==3.15.3
|
oslo.i18n==3.15.3
|
||||||
oslo.log==3.36.0
|
oslo.log==3.36.0
|
||||||
oslo.messaging==5.29.0
|
oslo.messaging==5.29.0
|
||||||
oslo.middleware==3.31.0
|
oslo.middleware==3.31.0
|
||||||
oslo.policy==2.4.1
|
oslo.policy==3.6.0
|
||||||
oslo.reports==1.18.0
|
oslo.reports==1.18.0
|
||||||
oslo.serialization==2.25.0
|
oslo.serialization==2.25.0
|
||||||
oslo.service==1.41.1
|
oslo.service==1.41.1
|
||||||
oslo.upgradecheck==0.1.0
|
oslo.upgradecheck==1.3.0
|
||||||
oslo.utils==4.7.0
|
oslo.utils==4.7.0
|
||||||
oslotest==3.2.0
|
oslotest==3.2.0
|
||||||
osprofiler==1.4.0
|
osprofiler==1.4.0
|
||||||
|
@ -98,7 +98,7 @@ python-mimeparse==1.6.0
|
||||||
python-subunit==1.2.0
|
python-subunit==1.2.0
|
||||||
python-swiftclient==3.2.0
|
python-swiftclient==3.2.0
|
||||||
pytz==2018.3
|
pytz==2018.3
|
||||||
PyYAML==3.12
|
PyYAML==5.1
|
||||||
repoze.lru==0.7
|
repoze.lru==0.7
|
||||||
requests==2.14.2
|
requests==2.14.2
|
||||||
requestsexceptions==1.4.0
|
requestsexceptions==1.4.0
|
||||||
|
|
|
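Review bot: The `PyYAML` lower bound moves from 3.12 to 5.1 here, and `oslo.config` moves from 5.2.0 to 6.0.0 in the previous hunk, but the commit message mentions neither. State which dependency forces these two bumps so reviewers can tell whether they are required by the policy change or incidental.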
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The default value of ``[oslo_policy] policy_file`` config option has
|
||||||
|
been changed from ``policy.json`` to ``policy.yaml``.
|
||||||
|
Operators who are utilizing customized or previously generated
|
||||||
|
static policy JSON files (which are not needed by default), should
|
||||||
|
generate new policy files or convert them in YAML format. Use the
|
||||||
|
`oslopolicy-convert-json-to-yaml
|
||||||
|
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
|
||||||
|
tool to convert a JSON to YAML formatted policy file in
|
||||||
|
backward compatible way.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Use of JSON policy files was deprecated by the ``oslo.policy`` library
|
||||||
|
during the Victoria development cycle. As a result, this deprecation is
|
||||||
|
being noted in the Wallaby cycle with an anticipated future removal of support
|
||||||
|
by ``oslo.policy``. As such operators will need to convert to YAML policy
|
||||||
|
files. Please see the upgrade notes for details on migration of any
|
||||||
|
custom policy files.
|
|
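Review bot: The upgrade note tells operators to convert customized JSON files but does not say what happens to a deployment that has an existing policy.json and leaves ``[oslo_policy] policy_file`` unset now that the default is ``policy.yaml``. Spell out whether that file is still read or is ignored, because an ignored file would drop any restrictions the operator had added (for example on ``upload_image``, which the docs touched by this change describe as unrestricted by default). Also, "in backward compatible way" needs an article: "in a backward-compatible way", matching the wording of the docs warning.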
@ -15,10 +15,10 @@ sqlalchemy-migrate>=0.11.0 # Apache-2.0
|
||||||
sqlparse>=0.2.2 # BSD
|
sqlparse>=0.2.2 # BSD
|
||||||
alembic>=0.9.6 # MIT
|
alembic>=0.9.6 # MIT
|
||||||
httplib2>=0.9.1 # MIT
|
httplib2>=0.9.1 # MIT
|
||||||
oslo.config>=5.2.0 # Apache-2.0
|
oslo.config>=6.0.0 # Apache-2.0
|
||||||
oslo.concurrency>=3.26.0 # Apache-2.0
|
oslo.concurrency>=3.26.0 # Apache-2.0
|
||||||
oslo.context>=2.22.0 # Apache-2.0
|
oslo.context>=2.22.0 # Apache-2.0
|
||||||
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
||||||
oslo.utils>=4.7.0 # Apache-2.0
|
oslo.utils>=4.7.0 # Apache-2.0
|
||||||
stevedore!=3.0.0,>=1.20.0 # Apache-2.0
|
stevedore!=3.0.0,>=1.20.0 # Apache-2.0
|
||||||
futurist>=1.2.0 # Apache-2.0
|
futurist>=1.2.0 # Apache-2.0
|
||||||
|
@ -42,7 +42,7 @@ oslo.log>=3.36.0 # Apache-2.0
|
||||||
oslo.messaging>=5.29.0,!=9.0.0 # Apache-2.0
|
oslo.messaging>=5.29.0,!=9.0.0 # Apache-2.0
|
||||||
oslo.middleware>=3.31.0 # Apache-2.0
|
oslo.middleware>=3.31.0 # Apache-2.0
|
||||||
oslo.reports>=1.18.0 # Apache-2.0
|
oslo.reports>=1.18.0 # Apache-2.0
|
||||||
oslo.policy>=2.4.1 # Apache-2.0
|
oslo.policy>=3.6.0 # Apache-2.0
|
||||||
|
|
||||||
retrying!=1.3.0,>=1.2.3 # Apache-2.0
|
retrying!=1.3.0,>=1.2.3 # Apache-2.0
|
||||||
osprofiler>=1.4.0 # Apache-2.0
|
osprofiler>=1.4.0 # Apache-2.0
|
||||||
|
|
|
@ -55,7 +55,7 @@ oslo.config.opts =
|
||||||
glance.manage = glance.opts:list_manage_opts
|
glance.manage = glance.opts:list_manage_opts
|
||||||
glance = glance.opts:list_image_import_opts
|
glance = glance.opts:list_image_import_opts
|
||||||
oslo.config.opts.defaults =
|
oslo.config.opts.defaults =
|
||||||
glance.api = glance.common.config:set_cors_middleware_defaults
|
glance.api = glance.common.config:set_config_defaults
|
||||||
glance.database.migration_backend =
|
glance.database.migration_backend =
|
||||||
sqlalchemy = oslo_db.sqlalchemy.migration
|
sqlalchemy = oslo_db.sqlalchemy.migration
|
||||||
glance.database.metadata_backend =
|
glance.database.metadata_backend =
|
||||||
|
|