From a1f9c741c66a72a151b7c0726646f711ddef7035 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 16 Mar 2021 16:59:51 +0200 Subject: [PATCH] [goal] Deprecate the JSON formatted policy file As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to replace policy.json to policy.yaml and remove deprecated policy.json. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I5714f88ab0df41adbac52ff65f16f37e69bafb79 --- handlers/main.yml | 21 +++++---------------- tasks/cloudkitty_post_install.yml | 28 ++++++++++++++++++++++++---- templates/policy.json.j2 | 22 ---------------------- 3 files changed, 29 insertions(+), 42 deletions(-) delete mode 100644 templates/policy.json.j2 diff --git a/handlers/main.yml b/handlers/main.yml index 55ed38b..7e769a5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -26,22 +26,11 @@ - "Restart cloudkitty services" - "venv changed" -# Note (odyssey4me): -# The policy.json file is currently read continually by the services -# and is not only read on service start. We therefore cannot template -# directly to the file read by the service because the new policies -# may not be valid until the service restarts. This is particularly -# important during a major upgrade. We therefore only put the policy -# file in place after the service has been stopped. -# -- name: Copy new policy file into place - copy: - src: "/etc/cloudkitty/policy.json-{{ cloudkitty_venv_tag }}" - dest: "/etc/cloudkitty/policy.json" - owner: "root" - group: "{{ cloudkitty_system_group_name }}" - mode: "0640" - remote_src: yes +# NOTE (noonedeadpunk): Remove this task after Xena release +- name: Remove obsoleted policy.json + file: + path: "/etc/cloudkitty/policy.json" + state: absent listen: - "Restart cloudkitty services" - "venv changed" diff --git a/tasks/cloudkitty_post_install.yml b/tasks/cloudkitty_post_install.yml index 86b0988..0db80bd 100644 
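Review bot: The `Remove obsoleted policy.json` handler only runs when something notifies `Restart cloudkitty services` or `venv changed`, so a host where nothing else changes keeps the old JSON policy on disk. If the deployed oslo.policy still falls back to `policy.json` when `policy.yaml` is absent (worth confirming for the target release), stale rules and old overrides would keep being enforced, since the tasks file in this commit deletes `policy.yaml` whenever no overrides are set. Consider making the removal a regular, unconditional task in `tasks/cloudkitty_post_install.yml` so the cleanup does not depend on a handler firing. The handler list starts and ends outside this hunk, so the ordering relative to the service stop/start handlers cannot be checked from here.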
--- a/tasks/cloudkitty_post_install.yml +++ b/tasks/cloudkitty_post_install.yml @@ -33,10 +33,6 @@ dest: "/etc/cloudkitty/api_paste.ini" config_overrides: "{{ cloudkitty_api_paste_ini_overrides }}" config_type: "ini" - - src: "policy.json.j2" - dest: "/etc/cloudkitty/policy.json-{{ cloudkitty_venv_tag }}" - config_overrides: "{{ cloudkitty_policy_overrides }}" - config_type: "json" - src: "cloudkitty-metrics.yml.j2" dest: "/etc/cloudkitty/metrics.yml" config_overrides: "{{ cloudkitty_metrics_overrides }}" @@ -46,3 +42,27 @@ - Restart uwsgi services tags: - cloudkitty-config + +- name: Implement policy.yaml if there are overrides configured + config_template: + dest: "/etc/cloudkitty/policy.yaml" + content: "{{ cloudkitty_policy_overrides }}" + owner: "{{ cloudkitty_system_user_name }}" + group: "{{ cloudkitty_system_group_name }}" + mode: "0644" + config_type: "yaml" + when: + - cloudkitty_policy_overrides | length > 0 + tags: + - cloudkitty-policy-override + - cloudkitty-config + +- name: Remove legacy policy.yaml file + file: + path: "/etc/cloudkitty/policy.yaml" + state: absent + when: + - cloudkitty_policy_overrides | length == 0 + tags: + - cloudkitty-policy-override + - cloudkitty-config diff --git a/templates/policy.json.j2 b/templates/policy.json.j2 deleted file mode 100644 index 833f989..0000000 --- a/templates/policy.json.j2 +++ /dev/null @@ -1,22 +0,0 @@ -{ - "context_is_admin": "role:admin", - "default": "", - - "rating:list_modules": "role:admin", - "rating:get_module": "role:admin", - "rating:update_module": "role:admin", - "rating:quote": "", - - "report:list_tenants": "role:admin", - "report:get_total": "", - - "collector:list_mappings": "role:admin", - "collector:get_mapping": "role:admin", - "collector:manage_mappings": "role:admin", - "collector:get_state": "role:admin", - "collector:update_state": "role:admin", - - "storage:list_data_frames": "", - - "rating:module_config": "role:admin" -}
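Review bot: The added `Implement policy.yaml if there are overrides configured` task protects the file less than the handler this commit removes: the old copy used `owner: "root"` and `mode: "0640"`, while this task writes it as `{{ cloudkitty_system_user_name }}` with `mode: "0644"`. The authorization policy therefore becomes writable by the service account it constrains and readable by every local user. Unless the service has to own the file, keep `owner: "root"` and `mode: "0640"` with the existing `group:` line. Separately, `Remove legacy policy.yaml file` deletes the current-format file when no overrides are set, so a name such as `Remove policy.yaml when no overrides are configured` would describe it more accurately.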