Merge "[goal] Deprecate the JSON formatted policy file"

defaults/main.yml

@@ -88,6 +88,7 @@ masakari_monitor_pip_packages:
 masakari_api_paste_ini_overrides: {}
 masakari_masakari_conf_overrides: {}
 masakari_policy_json_overrides: {}
+masakari_policy_overrides: "{{ masakari_policy_json_overrides }}"
 masakari_api_init_overrides: {}
 masakari_engine_init_overrides: {}
 masakari_monitors_conf_overrides: {}

handlers/main.yml

@@ -23,6 +23,15 @@
   listen:
     - "venv changed"
 
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json
+  file:
+    path: "{{ masakari_etc_dir }}/policy.json"
+    state: absent
+  listen:
+    - "Restart masakari services"
+    - "venv changed"
+
 - meta: noop
   listen: Manage LB
   when: false

releasenotes/notes/deprecate_masakari_policy_json-979fc92a3fc8ceb3.yaml

@@ -0,0 +1,7 @@
+---
+deprecations:
+  - |
+    Variable ``masakari_policy_json_overrides`` has been deprecated in favor of the
+    ``masakari_policy_overrides`` and will be removed after X release.
+    As for now ``masakari_policy_overrides`` defaults to
+    ``masakari_policy_json_overrides`` for compatability.

tasks/masakari_post_install.yml

@@ -34,11 +34,6 @@
       config_overrides: "{{ masakari_masakari_conf_overrides }}"
       config_type: "ini"
       condition: "{{ masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names }}"
-    - src: "policy.json.j2"
-      dest: "{{ masakari_etc_dir }}/policy.json"
-      config_overrides: "{{ masakari_policy_json_overrides }}"
-      config_type: "json"
-      condition: "{{ masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names }}"
     - src: "masakarimonitors.conf.j2"
       dest: "{{ masakari_monitor_etc_dir }}/masakarimonitors.conf"
       config_overrides: "{{ masakari_monitors_conf_overrides }}"
@@ -52,6 +47,30 @@
   notify:
     - Restart masakari services
 
+- name: Implement policy.yaml
+  config_template:
+    content: "{{ masakari_policy_overrides }}"
+    dest: "{{ masakari_etc_dir }}/policy.yaml"
+    owner: "root"
+    group: "{{ masakari_system_group_name }}"
+    mode: "0640"
+    config_type: yaml
+  when:
+    - masakari_policy_overrides | length > 0
+    - masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names
+  tags:
+    - masakari-policy-override
+
+- name: Remove legacy policy.yaml file
+  file:
+    path: "{{ masakari_etc_dir }}/policy.yaml"
+    state: absent
+  when:
+    - masakari_policy_overrides | length == 0
+    - masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names
+  tags:
+    - masakari-policy-override
+
 - name: Deploy masakari-monitors sudoers files
   template:
     src: "masakari_sudoers.j2"

templates/policy.json.j2

@@ -1,10 +0,0 @@
-{
-    "admin_api": "is_admin:True",
-    "context_is_admin":  "role:admin",
-    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
-    "default": "rule:admin_api",
-    "os_masakari_api:extensions": "rule:admin_api",
-    "os_masakari_api:segments": "rule:admin_api",
-    "os_masakari_api:os-hosts": "rule:admin_api",
-    "os_masakari_api:notifications": "rule:admin_api"
-}