openstack
/
oslo.policy
Code Issues Proposed changes

Render deprecated policy names when generating files 

We found out the when policy files are generated they don't have
deprecated policies. This can be problematic for services that use
rendered policy files because they could still be using the
deprecated policy name and not the new policy name.

This commit makes sure we render the deprecated policy name
as an alias to the new policy name. This makes it so that operators
don't have to change two policies if they override a deprecated
policy.

Closes-Bug: 1742569

Change-Id: Iaf0c89a035775770ceaa230c65ce8eb195b9d82b
This commit is contained in:
Lance Bragstad 2018-01-10 22:52:46 +00:00
parent 4f68708a49
commit 2ae04ebdef
2 changed files with 56 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
oslo_policy/generator.py
View File

@ -136,24 +136,31 @@ def _format_rule_default_yaml(default, include_help=True):
if default.deprecated_for_removal:
text = (
'# DEPRECATED\n# "%(name)s" has been deprecated since '
'%(since)s.\n%(reason)s\n%(text)s'
'%(since)s.\n%(reason)s\n%(text)s\n'
'"%(name)s": "%(check_str)s"'
) % {'name': default.name,
'check_str': default.check_str,
'since': default.deprecated_since,
'reason': _format_help_text(default.deprecated_reason),
'text': text}
elif default.deprecated_rule:
text = (
'# DEPRECATED\n# "%(old_name)s":"%(old_check_str)s" has been '
# This issues a deprecation warning but aliases the old policy name
# with the new policy name for compatibility.
deprecated_text = (
'DEPRECATED\n"%(old_name)s":"%(old_check_str)s" has been '
'deprecated since %(since)s in favor of '
'"%(name)s":"%(check_str)s".\n'
'%(reason)s\n%(text)s'
'"%(name)s":"%(check_str)s".'
) % {'old_name': default.deprecated_rule.name,
'old_check_str': default.deprecated_rule.check_str,
'since': default.deprecated_since,
'name': default.name,
'check_str': default.check_str,
'reason': _format_help_text(default.deprecated_reason),
'text': text}
'check_str': default.check_str}
text = (
'%(deprecated_text)s\n"%(old_name)s": "rule:%(name)s"\n'
) % {'deprecated_text': _format_help_text(deprecated_text),
'old_name': default.deprecated_rule.name,
'name': default.name}
return text

41
oslo_policy/tests/test_generator.py
View File

@ -160,6 +160,47 @@ class GenerateSampleYAMLTestCase(base.PolicyBaseTestCase):
self.assertEqual(expected, stdout.getvalue())
def test_deprecated_policies_are_aliased_to_new_names(self):
deprecated_rule = policy.DeprecatedRule(
name='foo:post_bar',
check_str='role:fizz'
)
new_rule = policy.RuleDefault(
name='foo:create_bar',
check_str='role:fizz',
description='Create a bar.',
deprecated_rule=deprecated_rule,
deprecated_reason=(
'foo:post_bar is being removed in favor of foo:create_bar'
),
deprecated_since='N'
)
opts = {'rules': [new_rule]}
extensions = []
for name, opts in opts.items():
ext = stevedore.extension.Extension(name=name, entry_point=None,
plugin=None, obj=opts)
extensions.append(ext)
test_mgr = stevedore.named.NamedExtensionManager.make_test_instance(
extensions=extensions, namespace=['rules'])
expected = '''# DEPRECATED
# "foo:post_bar":"role:fizz" has been deprecated since N in favor of
# "foo:create_bar":"role:fizz".
"foo:post_bar": "rule:foo:create_bar"
'''
stdout = self._capture_stdout()
with mock.patch('stevedore.named.NamedExtensionManager',
return_value=test_mgr) as mock_ext_mgr:
generator._generate_sample(['rules'], output_file=None)
mock_ext_mgr.assert_called_once_with(
'oslo.policy.policies', names=['rules'],
on_load_failure_callback=generator.on_load_failure_callback,
invoke_on_load=True
)
self.assertEqual(expected, stdout.getvalue())
def test_empty_line_formatting(self):
rule = [policy.RuleDefault('admin', 'is_admin:True',
description='Check Summary \n'