diff --git a/doc/source/configuration/sample_policy.rst b/doc/source/configuration/sample_policy.rst index e38d666e..29122da7 100644 --- a/doc/source/configuration/sample_policy.rst +++ b/doc/source/configuration/sample_policy.rst @@ -2,6 +2,15 @@ Panko Sample Policy =================== +.. warning:: + + JSON formatted policy file is deprecated since Panko 10.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + + The following is a sample panko policy file that has been auto-generated from default policy values in code. If you're using the default policies, then the maintenance of this file is not necessary, and it should not be copied into diff --git a/panko/api/rbac.py b/panko/api/rbac.py index 9d92abd3..0b1a1b21 100644 --- a/panko/api/rbac.py +++ b/panko/api/rbac.py @@ -16,6 +16,8 @@ """Access Control Lists (ACL's) control access the API server.""" +from oslo_config import cfg +from oslo_policy import opts from oslo_policy import policy import pecan @@ -23,6 +25,12 @@ from panko import policies _ENFORCER = None +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) + def init(): global _ENFORCER diff --git a/panko/conf/defaults.py b/panko/conf/defaults.py index e87b1530..1252ff8b 100644 --- a/panko/conf/defaults.py +++ b/panko/conf/defaults.py @@ -12,7 +12,23 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_middleware import cors +from oslo_policy import opts as policy_opts + + +def set_lib_defaults(): + """Update default value for configuration options from other namespace. + + Example, oslo lib config options. This is needed for + config generator tool to pick these default value changes. + https://docs.openstack.org/oslo.config/latest/cli/ + generator.html#modifying-defaults-from-other-namespaces + """ + set_cors_middleware_defaults() + + # Update default value of oslo.policy policy_file config option. + policy_opts.set_defaults(cfg.CONF, 'policy.yaml') def set_cors_middleware_defaults(): diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml new file mode 100644 index 00000000..c9c53000 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index e994859b..5922d660 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,7 +7,7 @@ tenacity>=3.1.0 # Apache-2.0 keystonemiddleware>=5.1.0 # Apache-2.0 lxml>=2.3 # BSD oslo.db>=4.1.0 # Apache-2.0 -oslo.config>=3.9.0 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 oslo.context>=2.22.0 # Apache-2.0 oslo.i18n>=2.1.0 # Apache-2.0 oslo.log>=4.3.0 # Apache-2.0 @@ -20,7 +20,7 @@ pecan>=1.0.0 # BSD oslo.middleware>=3.10.0 # Apache-2.0 oslo.serialization>=2.25.0 # Apache-2.0 oslo.utils>=3.5.0 # Apache-2.0 -PyYAML>=3.1.0 # MIT +PyYAML>=5.1.0 # MIT SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT stevedore>=1.9.0 # Apache-2.0 WebOb>=1.2.3 # MIT diff --git a/setup.cfg b/setup.cfg index 28fdc423..7423a3fb 100644 --- a/setup.cfg +++ b/setup.cfg @@ -53,5 +53,5 @@ oslo.policy.policies = panko = panko.policies:list_policies oslo.config.opts.defaults = - panko = panko.conf.defaults:set_cors_middleware_defaults + panko = panko.conf.defaults:set_lib_defaults