[goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to replace policy.json to policy.yaml and remove deprecated policy.json. config_template has been choosen instead of the copy, since it can properly handle content that has been lookuped. We make a separate task not to restart service when it's not needed. [1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I866fea573429ddcedf1547d9fa8a7caae448eca2
This commit is contained in:
parent
d14cd8cea4
commit
eccf80bb7f
|
@ -38,3 +38,12 @@
|
|||
listen:
|
||||
- "Restart trove services"
|
||||
- "venv changed"
|
||||
|
||||
# NOTE (noonedeadpunk): Remove this task after Xena release
|
||||
- name: Remove obsoleted policy.json
|
||||
file:
|
||||
path: "/etc/trove/policy.json"
|
||||
state: absent
|
||||
listen:
|
||||
- "Restart trove services"
|
||||
- "venv changed"
|
||||
|
|
|
@ -33,14 +33,32 @@
|
|||
dest: "/etc/trove/trove.conf"
|
||||
config_overrides: "{{ trove_config_overrides }}"
|
||||
config_type: "ini"
|
||||
- src: "policy.json.j2"
|
||||
dest: "/etc/trove/policy.json"
|
||||
config_overrides: "{{ trove_policy_overrides }}"
|
||||
config_type: "json"
|
||||
notify:
|
||||
- Restart trove API services
|
||||
when: inventory_hostname in groups['trove_api']
|
||||
|
||||
- name: Implement policy.yaml if there are overrides configured
|
||||
config_template:
|
||||
content: "{{ trove_policy_overrides }}"
|
||||
dest: "/etc/trove/policy.yaml"
|
||||
owner: "{{ trove_system_user_name }}"
|
||||
group: "{{ trove_system_group_name }}"
|
||||
mode: "0644"
|
||||
config_type: yaml
|
||||
when:
|
||||
- trove_policy_overrides | length > 0
|
||||
tags:
|
||||
- trove-policy-override
|
||||
|
||||
- name: Remove legacy policy.yaml file
|
||||
file:
|
||||
path: "/etc/trove/policy.yaml"
|
||||
state: absent
|
||||
when:
|
||||
- trove_policy_overrides | length == 0
|
||||
tags:
|
||||
- trove-policy-override
|
||||
|
||||
- name: Drop trove-conductor Config(s)
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
|
|
|
@ -1,97 +0,0 @@
|
|||
{
|
||||
"admin": "role:admin or is_admin:True",
|
||||
"admin_or_owner": "rule:admin or tenant:%(tenant)s",
|
||||
"default": "rule:admin_or_owner",
|
||||
|
||||
"instance:create": "rule:admin_or_owner",
|
||||
"instance:delete": "rule:admin_or_owner",
|
||||
"instance:force_delete": "rule:admin_or_owner",
|
||||
"instance:index": "rule:admin_or_owner",
|
||||
"instance:show": "rule:admin_or_owner",
|
||||
"instance:update": "rule:admin_or_owner",
|
||||
"instance:edit": "rule:admin_or_owner",
|
||||
"instance:restart": "rule:admin_or_owner",
|
||||
"instance:resize_volume": "rule:admin_or_owner",
|
||||
"instance:resize_flavor": "rule:admin_or_owner",
|
||||
"instance:reset_status": "rule:admin",
|
||||
"instance:promote_to_replica_source": "rule:admin_or_owner",
|
||||
"instance:eject_replica_source": "rule:admin_or_owner",
|
||||
"instance:configuration": "rule:admin_or_owner",
|
||||
"instance:guest_log_list": "rule:admin_or_owner",
|
||||
"instance:backups": "rule:admin_or_owner",
|
||||
"instance:module_list": "rule:admin_or_owner",
|
||||
"instance:module_apply": "rule:admin_or_owner",
|
||||
"instance:module_remove": "rule:admin_or_owner",
|
||||
|
||||
"instance:extension:root:create": "rule:admin_or_owner",
|
||||
"instance:extension:root:delete": "rule:admin_or_owner",
|
||||
"instance:extension:root:index": "rule:admin_or_owner",
|
||||
|
||||
"instance:extension:user:create": "rule:admin_or_owner",
|
||||
"instance:extension:user:delete": "rule:admin_or_owner",
|
||||
"instance:extension:user:index": "rule:admin_or_owner",
|
||||
"instance:extension:user:show": "rule:admin_or_owner",
|
||||
"instance:extension:user:update": "rule:admin_or_owner",
|
||||
"instance:extension:user:update_all": "rule:admin_or_owner",
|
||||
|
||||
"instance:extension:user_access:update": "rule:admin_or_owner",
|
||||
"instance:extension:user_access:delete": "rule:admin_or_owner",
|
||||
"instance:extension:user_access:index": "rule:admin_or_owner",
|
||||
|
||||
"instance:extension:database:create": "rule:admin_or_owner",
|
||||
"instance:extension:database:delete": "rule:admin_or_owner",
|
||||
"instance:extension:database:index": "rule:admin_or_owner",
|
||||
"instance:extension:database:show": "rule:admin_or_owner",
|
||||
|
||||
"cluster:create": "rule:admin_or_owner",
|
||||
"cluster:delete": "rule:admin_or_owner",
|
||||
"cluster:force_delete": "rule:admin_or_owner",
|
||||
"cluster:index": "rule:admin_or_owner",
|
||||
"cluster:show": "rule:admin_or_owner",
|
||||
"cluster:show_instance": "rule:admin_or_owner",
|
||||
"cluster:action": "rule:admin_or_owner",
|
||||
"cluster:reset-status": "rule:admin",
|
||||
|
||||
"cluster:extension:root:create": "rule:admin_or_owner",
|
||||
"cluster:extension:root:delete": "rule:admin_or_owner",
|
||||
"cluster:extension:root:index": "rule:admin_or_owner",
|
||||
|
||||
"backup:create": "rule:admin_or_owner",
|
||||
"backup:delete": "rule:admin_or_owner",
|
||||
"backup:index": "rule:admin_or_owner",
|
||||
"backup:show": "rule:admin_or_owner",
|
||||
|
||||
"configuration:create": "rule:admin_or_owner",
|
||||
"configuration:delete": "rule:admin_or_owner",
|
||||
"configuration:index": "rule:admin_or_owner",
|
||||
"configuration:show": "rule:admin_or_owner",
|
||||
"configuration:instances": "rule:admin_or_owner",
|
||||
"configuration:update": "rule:admin_or_owner",
|
||||
"configuration:edit": "rule:admin_or_owner",
|
||||
|
||||
"configuration-parameter:index": "rule:admin_or_owner",
|
||||
"configuration-parameter:show": "rule:admin_or_owner",
|
||||
"configuration-parameter:index_by_version": "rule:admin_or_owner",
|
||||
"configuration-parameter:show_by_version": "rule:admin_or_owner",
|
||||
|
||||
"datastore:index": "",
|
||||
"datastore:show": "",
|
||||
"datastore:version_show": "",
|
||||
"datastore:version_show_by_uuid": "",
|
||||
"datastore:version_index": "",
|
||||
"datastore:list_associated_flavors": "",
|
||||
"datastore:list_associated_volume_types": "",
|
||||
|
||||
"flavor:index": "",
|
||||
"flavor:show": "",
|
||||
|
||||
"limits:index": "rule:admin_or_owner",
|
||||
|
||||
"module:create": "rule:admin_or_owner",
|
||||
"module:delete": "rule:admin_or_owner",
|
||||
"module:index": "rule:admin_or_owner",
|
||||
"module:show": "rule:admin_or_owner",
|
||||
"module:instances": "rule:admin_or_owner",
|
||||
"module:update": "rule:admin_or_owner",
|
||||
"module:reapply": "rule:admin_or_owner"
|
||||
}
|
Loading…
Reference in New Issue