[goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to replace policy.json to policy.yaml and remove deprecated policy.json. config_template has been choosen instead of the copy, since it can properly handle content that has been lookuped. We make a separate task not to restart service when it's not needed. [1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: Ib434e98cd4df42ea77bcb985eafe2e56b1ac6fe9
This commit is contained in:
parent
21f767d08b
commit
a396d45942
|
@ -31,22 +31,11 @@
|
|||
- "Restart panko services"
|
||||
- "venv changed"
|
||||
|
||||
# Note (odyssey4me):
|
||||
# The policy.json file is currently read continually by the services
|
||||
# and is not only read on service start. We therefore cannot template
|
||||
# directly to the file read by the service because the new policies
|
||||
# may not be valid until the service restarts. This is particularly
|
||||
# important during a major upgrade. We therefore only put the policy
|
||||
# file in place after the service has been stopped.
|
||||
#
|
||||
- name: Copy new policy file into place
|
||||
copy:
|
||||
src: "/etc/panko/policy.json-{{ panko_venv_tag }}"
|
||||
dest: "/etc/panko/policy.json"
|
||||
owner: "root"
|
||||
group: "{{ panko_system_group_name }}"
|
||||
mode: "0640"
|
||||
remote_src: yes
|
||||
# NOTE (noonedeadpunk): Remove this task after Xena release
|
||||
- name: Remove obsoleted policy.json
|
||||
file:
|
||||
path: "/etc/panko/policy.json"
|
||||
state: absent
|
||||
listen:
|
||||
- "Restart panko services"
|
||||
- "venv changed"
|
||||
|
|
|
@ -31,14 +31,32 @@
|
|||
dest: "/etc/panko/api_paste.ini"
|
||||
config_overrides: "{{ panko_api_paste_ini_overrides }}"
|
||||
config_type: "ini"
|
||||
- src: "policy.json.j2"
|
||||
dest: "/etc/panko/policy.json-{{ panko_venv_tag }}"
|
||||
config_overrides: "{{ panko_policy_overrides }}"
|
||||
config_type: "json"
|
||||
notify:
|
||||
- Restart panko services
|
||||
- Restart uwsgi services
|
||||
|
||||
- name: Implement policy.yaml if there are overrides configured
|
||||
config_template:
|
||||
content: "{{ panko_policy_overrides }}"
|
||||
dest: "/etc/panko/policy.yaml"
|
||||
owner: "{{ panko_system_user_name }}"
|
||||
group: "{{ panko_system_group_name }}"
|
||||
mode: "0644"
|
||||
config_type: "yaml"
|
||||
when:
|
||||
- panko_policy_overrides | length > 0
|
||||
tags:
|
||||
- panko-policy-override
|
||||
|
||||
- name: Remove legacy policy.yaml file
|
||||
file:
|
||||
path: "/etc/panko/policy.yaml"
|
||||
state: absent
|
||||
when:
|
||||
- panko_policy_overrides | length == 0
|
||||
tags:
|
||||
- panko-policy-override
|
||||
|
||||
- name: Create cron job for panko event expirer
|
||||
cron:
|
||||
name: "Purge old panko events"
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{
|
||||
"context_is_admin": "role:admin",
|
||||
"segregation": "rule:context_is_admin",
|
||||
|
||||
"telemetry:events:index": "",
|
||||
"telemetry:events:show": ""
|
||||
}
|
Loading…
Reference in New Issue