[goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file format from JSON to YAML[1], we need to do two things: 1. Change the default value of the '[oslo_policy] policy_file' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I8b78c7b640ab18ddfc809cb4603decc739d494d1
parent
651f095a81
commit
c5e59b5e9e
|
@ -2,6 +2,14 @@
|
|||
Octavia Policies
|
||||
================
|
||||
|
||||
.. warning::
|
||||
|
||||
JSON formatted policy file is deprecated since Octavia 8.0.0 (Wallaby).
|
||||
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||
|
||||
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||
|
||||
.. _Keystone Default Roles: https://docs.openstack.org/keystone/latest/admin/service-api-protection.html
|
||||
|
||||
Octavia Advanced Role Based Access Control (RBAC)
|
||||
|
|
|
@ -90,7 +90,7 @@ oslo.policy==3.6.2
|
|||
oslo.reports==1.18.0
|
||||
oslo.serialization==2.28.1
|
||||
oslo.service==1.30.0
|
||||
oslo.upgradecheck==0.1.0
|
||||
oslo.upgradecheck==1.3.0
|
||||
oslo.utils==4.5.0
|
||||
oslotest==3.2.0
|
||||
packaging==20.4
|
||||
|
@ -133,7 +133,7 @@ pytz==2018.3
|
|||
PyYAML==5.1
|
||||
redis==2.10.0
|
||||
repoze.lru==0.7
|
||||
requests==2.18.4
|
||||
requests==2.23.0
|
||||
requests-mock==1.2.0
|
||||
requestsexceptions==1.4.0
|
||||
restructuredtext-lint==1.1.3
|
||||
|
@ -164,7 +164,7 @@ testscenarios==0.4
|
|||
testtools==2.2.0
|
||||
traceback2==1.4.0
|
||||
unittest2==1.1.0
|
||||
urllib3==1.22
|
||||
urllib3==1.21.1
|
||||
vine==5.0.0
|
||||
voluptuous==0.11.1
|
||||
waitress==1.1.0
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
import sys
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_upgradecheck import common_checks
|
||||
from oslo_upgradecheck import upgradecheck
|
||||
from stevedore import driver as stevedore_driver
|
||||
|
||||
|
@ -113,6 +114,8 @@ class Checks(upgradecheck.UpgradeCommands):
|
|||
_upgrade_checks = (
|
||||
(_('AmphoraV2 Check'), _check_amphorav2),
|
||||
(_('YAML Policy File'), _check_yaml_policy),
|
||||
(_('Policy File JSON to YAML Migration'),
|
||||
(common_checks.check_policy_json, {'conf': CONF})),
|
||||
)
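Review bot: The added `common_checks.check_policy_json` entry receives only `CONF`, so as far as this hunk shows it can inspect only the file that `[oslo_policy] policy_file` resolves to. With the default now `policy.yaml`, a deployment that never set the option but still keeps a customised `policy.json` on disk may pass this check unreported, depending on how oslo.upgradecheck and oslo.policy treat a missing default file. That is worth confirming, since the policy file carries the operator's RBAC overrides. Once verified, a comment above the entry would record the limit, for example `# Checks only the file named by [oslo_policy] policy_file; a leftover policy.json at the old default path is not reported`. The `_upgrade_checks` tuple belongs to `class Checks`, whose body starts outside the hunk.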
|
||||
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@ from oslo_config import cfg
|
|||
from oslo_db import options as db_options
|
||||
from oslo_log import log as logging
|
||||
import oslo_messaging as messaging
|
||||
from oslo_policy import opts as policy_opts
|
||||
|
||||
from octavia.certificates.common import local
|
||||
from octavia.common import constants
|
||||
|
@ -979,3 +980,19 @@ def setup_remote_debugger():
|
|||
{'debug-host': debugger_host,
|
||||
'debug-port': debugger_port})
|
||||
raise
|
||||
|
||||
|
||||
def set_lib_defaults():
|
||||
"""Update default value for configuration options from other namespace.
|
||||
|
||||
Example, oslo lib config options. This is needed for
|
||||
config generator tool to pick these default value changes.
|
||||
https://docs.openstack.org/oslo.config/latest/cli/
|
||||
generator.html#modifying-defaults-from-other-namespaces
|
||||
"""
|
||||
|
||||
# TODO(gmann): Remove setting the default value of config policy_file
|
||||
# once oslo_policy change the default value to 'policy.yaml'.
|
||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||
# Update default value of oslo.policy policy_file config option.
|
||||
policy_opts.set_defaults(cfg.CONF, 'policy.yaml')
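Review bot: `set_lib_defaults()` hard-codes `'policy.yaml'`, while the policy module changed in this same commit defines `DEFAULT_POLICY_FILE = 'policy.yaml'` and calls `opts.set_defaults` itself, so the default and its TODO now live in two places that can drift apart. This file already imports `octavia.common.constants`, so a single constant there would serve both call sites, used here as `policy_opts.set_defaults(cfg.CONF, constants.DEFAULT_POLICY_FILE)`. That keeps the generated sample config and the runtime default for the authorization policy file in step, and leaves one TODO to remove when oslo.policy changes its own default.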
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
"""Policy Engine For Octavia."""
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_policy import opts
|
||||
from oslo_policy import policy as oslo_policy
|
||||
from oslo_utils import excutils
|
||||
|
||||
|
@ -24,6 +25,13 @@ LOG = logging.getLogger(__name__)
|
|||
OCTAVIA_POLICY = None
|
||||
|
||||
|
||||
# TODO(gmann): Remove setting the default value of config policy_file
|
||||
# once oslo_policy change the default value to 'policy.yaml'.
|
||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
|
||||
|
||||
|
||||
def get_enforcer():
|
||||
global OCTAVIA_POLICY
|
||||
if OCTAVIA_POLICY is None:
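Review bot: `opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)` is a module-level statement, so the `policy_file` default changes only once this module has been imported; code that reads the option earlier would presumably still see the library default. The test change in this commit, which moves `policy.Policy()` after the config fixture is set up, suggests the ordering does matter. A short comment would make the dependency explicit, for example `# NOTE: runs at import time; must execute before the enforcer reads [oslo_policy] policy_file`. `get_enforcer()` continues past the end of the hunk, so how the enforcer picks up the value is not visible here.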
|
||||
|
|
|
@ -127,8 +127,9 @@ class TestUpgradeChecks(base.TestCase):
|
|||
Code.FAILURE, check_result.code)
|
||||
|
||||
def test__check_yaml_policy(self):
|
||||
policy.Policy()
|
||||
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
|
||||
self.conf.conf(args=[], project='octavia')
|
||||
policy.Policy()
|
||||
|
||||
self.conf.config(group='oslo_policy', policy_file='test.yaml')
|
||||
check_result = self.cmd._check_yaml_policy()
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
The default value of ``[oslo_policy] policy_file`` config option has
|
||||
been changed from ``policy.json`` to ``policy.yaml``.
|
||||
Operators who are utilizing customized or previously generated
|
||||
static policy JSON files (which are not needed by default), should
|
||||
generate new policy files or convert them in YAML format. Use the
|
||||
`oslopolicy-convert-json-to-yaml
|
||||
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
|
||||
tool to convert a JSON to YAML formatted policy file in
|
||||
backward compatible way.
|
||||
deprecations:
|
||||
- |
|
||||
Use of JSON policy files was deprecated by the ``oslo.policy`` library
|
||||
during the Victoria development cycle. As a result, this deprecation is
|
||||
being noted in the Wallaby cycle with an anticipated future removal of support
|
||||
by ``oslo.policy``. As such operators will need to convert to YAML policy
|
||||
files. Please see the upgrade notes for details on migration of any
|
||||
custom policy files.
|
|
@ -8,7 +8,7 @@ pbr>=3.1.1 # Apache-2.0
|
|||
SQLAlchemy>=1.2.19 # MIT
|
||||
SQLAlchemy-Utils>=0.30.11
|
||||
futurist>=1.2.0 # Apache-2.0
|
||||
requests>=2.18.4 # Apache-2.0
|
||||
requests>=2.23.0 # Apache-2.0
|
||||
rfc3986>=1.2.0 # Apache-2.0
|
||||
keystoneauth1>=3.4.0 # Apache-2.0
|
||||
keystonemiddleware>=4.17.0 # Apache-2.0
|
||||
|
@ -25,7 +25,7 @@ oslo.middleware>=4.0.1 # Apache-2.0
|
|||
oslo.policy>=3.6.2 # Apache-2.0
|
||||
oslo.reports>=1.18.0 # Apache-2.0
|
||||
oslo.serialization>=2.28.1 # Apache-2.0
|
||||
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
||||
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
||||
oslo.utils>=4.5.0 # Apache-2.0
|
||||
pyasn1!=0.2.3,>=0.1.8 # BSD
|
||||
pyasn1-modules>=0.0.6 # BSD
|
||||
|
|
|
@ -101,6 +101,8 @@ octavia.worker.jobboard_driver =
|
|||
zookeeper_taskflow_driver = octavia.controller.worker.v2.taskflow_jobboard_driver:ZookeeperTaskFlowDriver
|
||||
oslo.config.opts =
|
||||
octavia = octavia.opts:list_opts
|
||||
oslo.config.opts.defaults =
|
||||
octavia = octavia.common.config:set_lib_defaults
|
||||
oslo.policy.policies =
|
||||
octavia = octavia.policies:list_rules
|
||||
oslo.policy.enforcer =
|
||||
|
|