[goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: Icfd9e2a75d8fdfb24cbd1c850f498aadee91f543
This commit is contained in:
parent
439548e3de
commit
f691be54a8
|
@ -5,6 +5,14 @@ Policy configuration
|
|||
Configuration
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
.. warning::
|
||||
|
||||
JSON formatted policy file is deprecated since Magnum 12.0.0 (Wallaby).
|
||||
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||
|
||||
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||
|
||||
The following is an overview of all available policies in Magnum. For a sample
|
||||
configuration file, refer to :doc:`samples/policy-yaml`.
|
||||
|
||||
|
|
|
@ -2,6 +2,14 @@
|
|||
policy.yaml
|
||||
===========
|
||||
|
||||
.. warning::
|
||||
|
||||
JSON formatted policy file is deprecated since Magnum 12.0.0 (Wallaby).
|
||||
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||
|
||||
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||
|
||||
Use the ``policy.yaml`` file to define additional access controls that apply to
|
||||
the Container Infrastructure Management service:
|
||||
|
||||
|
|
|
@ -2782,7 +2782,7 @@ proceed as follows:
|
|||
(`False` by default).
|
||||
|
||||
2. Update heat policy to allow magnum list stacks. To this end, edit your heat
|
||||
policy file, usually etc/heat/policy.json``:
|
||||
policy file, usually etc/heat/policy.yaml``:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
|
|
|
@ -78,11 +78,11 @@ oslo.i18n==5.0.0
|
|||
oslo.log==4.2.0
|
||||
oslo.messaging==12.2.0
|
||||
oslo.middleware==4.1.0
|
||||
oslo.policy==3.2.0
|
||||
oslo.policy==3.6.0
|
||||
oslo.reports==2.1.0
|
||||
oslo.serialization==3.2.0
|
||||
oslo.service==2.2.0
|
||||
oslo.upgradecheck==1.1.0
|
||||
oslo.upgradecheck==1.3.0
|
||||
oslo.utils==4.2.0
|
||||
oslo.versionedobjects==2.1.0
|
||||
oslotest==4.4.1
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
import sys
|
||||
|
||||
from oslo_upgradecheck import common_checks
|
||||
from oslo_upgradecheck import upgradecheck
|
||||
|
||||
import magnum.conf
|
||||
|
@ -30,17 +31,9 @@ class Checks(upgradecheck.UpgradeCommands):
|
|||
and added to _upgrade_checks tuple.
|
||||
"""
|
||||
|
||||
def _sample_check(self):
|
||||
"""This is sample check added to test the upgrade check framework
|
||||
|
||||
It needs to be removed after adding any real upgrade check
|
||||
"""
|
||||
return upgradecheck.Result(upgradecheck.Code.SUCCESS, 'Sample detail')
|
||||
|
||||
_upgrade_checks = (
|
||||
# Sample check added for now.
|
||||
# Whereas in future real checks must be added here in tuple
|
||||
(_('Sample Check'), _sample_check),
|
||||
(_('Policy File JSON to YAML Migration'),
|
||||
(common_checks.check_policy_json, {'conf': CONF})),
|
||||
)
|
||||
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
# under the License.
|
||||
|
||||
from oslo_middleware import cors
|
||||
from oslo_policy import opts
|
||||
|
||||
from magnum.common import rpc
|
||||
import magnum.conf
|
||||
|
@ -34,9 +35,20 @@ def parse_args(argv, default_config_files=None):
|
|||
|
||||
|
||||
def set_config_defaults():
|
||||
"""This method updates all configuration default values."""
|
||||
"""Update default value for configuration options from other namespace.
|
||||
|
||||
Example, oslo lib config options. This is needed for
|
||||
config generator tool to pick these default value changes.
|
||||
https://docs.openstack.org/oslo.config/latest/cli/
|
||||
generator.html#modifying-defaults-from-other-namespaces
|
||||
"""
|
||||
set_cors_middleware_defaults()
|
||||
|
||||
# TODO(gmann): Remove setting the default value of config policy_file
|
||||
# once oslo_policy change the default value to 'policy.yaml'.
|
||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||
opts.set_defaults(CONF, 'policy.yaml')
|
||||
|
||||
|
||||
def set_cors_middleware_defaults():
|
||||
"""Update default configuration options for oslo.middleware."""
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
|
||||
import decorator
|
||||
from oslo_config import cfg
|
||||
from oslo_policy import opts
|
||||
from oslo_policy import policy
|
||||
from oslo_utils import importutils
|
||||
import pecan
|
||||
|
@ -29,6 +30,12 @@ from magnum.common import policies
|
|||
_ENFORCER = None
|
||||
CONF = cfg.CONF
|
||||
|
||||
# TODO(gmann): Remove setting the default value of config policy_file
|
||||
# once oslo_policy change the default value to 'policy.yaml'.
|
||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||
opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
|
||||
|
||||
|
||||
# we can get a policy enforcer by this init.
|
||||
# oslo policy support change policy rule dynamically.
|
||||
|
|
|
@ -9,7 +9,7 @@ RUN dnf -y install openvswitch \
|
|||
&& dnf clean all
|
||||
RUN cd /opt \
|
||||
&& git clone https://git.openstack.org/openstack/neutron \
|
||||
&& cp neutron/etc/policy.json /etc/neutron/. \
|
||||
&& cp neutron/etc/policy.yaml /etc/neutron/. \
|
||||
&& rm -rf neutron \
|
||||
&& dnf -y remove git
|
||||
VOLUME /var/run/openvswitch
|
||||
|
|
|
@ -39,11 +39,11 @@ For the Neutron agent, you will need to provide 3 files at these
|
|||
locations:
|
||||
|
||||
- /etc/neutron/neutron.conf
|
||||
- /etc/neutron/policy.json
|
||||
- /etc/neutron/policy.yaml
|
||||
- /etc/neutron/plugins/ml2/ml2_conf.ini
|
||||
|
||||
These files are typically installed in the same locations on the
|
||||
Neutron controller node. The policy.json file is copied into the
|
||||
Neutron controller node. The policy.yaml file is copied into the
|
||||
Docker image because it is fairly static and does not require
|
||||
customization for the cluster. If it is changed in the Neutron master
|
||||
repo, you just need to rebuild the Docker image to update the file.
|
||||
|
|
|
@ -115,7 +115,7 @@ EOF
|
|||
}
|
||||
|
||||
function add_flavor {
|
||||
# because of policy.json change in nova, flavor-create is now an admin-only feature
|
||||
# because of policy.yaml change in nova, flavor-create is now an admin-only feature
|
||||
# moving this out to only be used by admins
|
||||
|
||||
# Get admin credentials
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
import fixtures
|
||||
from oslo_policy import _parser
|
||||
from oslo_policy import opts as policy_opts
|
||||
|
||||
from magnum.common import policy as magnum_policy
|
||||
import magnum.conf
|
||||
|
@ -25,7 +24,7 @@ CONF = magnum.conf.CONF
|
|||
class PolicyFixture(fixtures.Fixture):
|
||||
|
||||
def _setUp(self):
|
||||
policy_opts.set_defaults(CONF)
|
||||
CONF(args=[], project='magnum')
|
||||
magnum_policy._ENFORCER = None
|
||||
self.addCleanup(magnum_policy.init().clear)
|
||||
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
# Copyright (c) 2018 NEC, Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_upgradecheck.upgradecheck import Code
|
||||
|
||||
from magnum.cmd import status
|
||||
from magnum.tests import base
|
||||
|
||||
|
||||
class TestUpgradeChecks(base.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestUpgradeChecks, self).setUp()
|
||||
self.cmd = status.Checks()
|
||||
|
||||
def test__sample_check(self):
|
||||
check_result = self.cmd._sample_check()
|
||||
self.assertEqual(
|
||||
Code.SUCCESS, check_result.code)
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
The default value of ``[oslo_policy] policy_file`` config option has
|
||||
been changed from ``policy.json`` to ``policy.yaml``.
|
||||
Operators who are utilizing customized or previously generated
|
||||
static policy JSON files (which are not needed by default), should
|
||||
generate new policy files or convert them in YAML format. Use the
|
||||
`oslopolicy-convert-json-to-yaml
|
||||
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
|
||||
tool to convert a JSON to YAML formatted policy file in
|
||||
backward compatible way.
|
||||
deprecations:
|
||||
- |
|
||||
Use of JSON policy files was deprecated by the ``oslo.policy`` library
|
||||
during the Victoria development cycle. As a result, this deprecation is
|
||||
being noted in the Wallaby cycle with an anticipated future removal of support
|
||||
by ``oslo.policy``. As such operators will need to convert to YAML policy
|
||||
files. Please see the upgrade notes for details on migration of any
|
||||
custom policy files.
|
|
@ -30,11 +30,11 @@ oslo.i18n>=5.0.0 # Apache-2.0
|
|||
oslo.log>=4.2.0 # Apache-2.0
|
||||
oslo.messaging>=12.2.0 # Apache-2.0
|
||||
oslo.middleware>=4.1.0 # Apache-2.0
|
||||
oslo.policy>=3.2.0 # Apache-2.0
|
||||
oslo.policy>=3.6.0 # Apache-2.0
|
||||
oslo.reports>=2.1.0 # Apache-2.0
|
||||
oslo.serialization>=3.2.0 # Apache-2.0
|
||||
oslo.service>=2.2.0 # Apache-2.0
|
||||
oslo.upgradecheck>=1.1.0 # Apache-2.0
|
||||
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
||||
oslo.utils>=4.2.0 # Apache-2.0
|
||||
oslo.versionedobjects>=2.1.0 # Apache-2.0
|
||||
pbr>=5.5.0 # Apache-2.0
|
||||
|
|
|
@ -59,7 +59,7 @@ oslo.config.opts =
|
|||
magnum.conf = magnum.conf.opts:list_opts
|
||||
|
||||
oslo.config.opts.defaults =
|
||||
magnum = magnum.common.config:set_cors_middleware_defaults
|
||||
magnum = magnum.common.config:set_config_defaults
|
||||
|
||||
oslo.policy.policies =
|
||||
magnum = magnum.common.policies:list_rules
|
||||
|
|
Loading…
Reference in New Issue