From 6da394a59a9bf03c91dc53e4db8efe05ffa6c5ad Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Thu, 24 Dec 2020 21:51:04 -0600 Subject: [PATCH] [goal] Deprecate the JSON formatted policy file As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc and tests. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: Ie6e22b0b47c5148290f7b76c95967cd9a343343c --- doc/source/configuration/sample_policy.rst | 9 +++++++++ panko/api/rbac.py | 8 ++++++++ panko/conf/defaults.py | 16 +++++++++++++++ ...ormatted-policy-file-fdb75327a9bdb5b4.yaml | 20 +++++++++++++++++++ requirements.txt | 4 ++-- setup.cfg | 2 +- 6 files changed, 56 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml diff --git a/doc/source/configuration/sample_policy.rst b/doc/source/configuration/sample_policy.rst index e38d666e..29122da7 100644 --- a/doc/source/configuration/sample_policy.rst +++ b/doc/source/configuration/sample_policy.rst 
@@ -2,6 +2,15 @@ Panko Sample Policy =================== +.. warning:: + + JSON formatted policy file is deprecated since Panko 10.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + + The following is a sample panko policy file that has been auto-generated from default policy values in code. If you're using the default policies, then the maintenance of this file is not necessary, and it should not be copied into diff --git a/panko/api/rbac.py b/panko/api/rbac.py index 9d92abd3..0b1a1b21 100644 --- a/panko/api/rbac.py +++ b/panko/api/rbac.py @@ -16,6 +16,8 @@ """Access Control Lists (ACL's) control access the API server.""" +from oslo_config import cfg +from oslo_policy import opts from oslo_policy import policy import pecan @@ -23,6 +25,12 @@ from panko import policies _ENFORCER = None +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) + def init(): global _ENFORCER diff --git a/panko/conf/defaults.py b/panko/conf/defaults.py index e87b1530..1252ff8b 100644 --- a/panko/conf/defaults.py +++ b/panko/conf/defaults.py 
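Review bot: The module-level `opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)` added to panko/api/rbac.py changes which file the API's access-control rules are loaded from, yet nothing visible gives an operator a runtime signal when a customised `policy.json` is left behind. Whether such a file is still honoured then depends on the fallback behaviour of the installed oslo.policy, and its minimum version is not raised in the requirements.txt hunks shown here, so custom restrictions could be replaced by the in-code defaults without any error. The commit message promises upgrade checks, but none of the six files in the diffstat adds one. I would at least record the assumption next to the call, e.g. `# NOTE: a customised policy.json is only read if [oslo_policy] policy_file names it or oslo.policy falls back to it.`, and add the upgrade check in a follow-up. `init()` continues outside the hunk, so which config object the enforcer is built from cannot be confirmed from this view.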
@@ -12,7 +12,23 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_config import cfg from oslo_middleware import cors +from oslo_policy import opts as policy_opts + + +def set_lib_defaults(): + """Update default value for configuration options from other namespace. + + Example, oslo lib config options. This is needed for + config generator tool to pick these default value changes. + https://docs.openstack.org/oslo.config/latest/cli/ + generator.html#modifying-defaults-from-other-namespaces + """ + set_cors_middleware_defaults() + + # Update default value of oslo.policy policy_file config option. + policy_opts.set_defaults(cfg.CONF, 'policy.yaml') def set_cors_middleware_defaults(): diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml new file mode 100644 index 00000000..c9c53000 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. 
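Review bot: `set_lib_defaults()` in panko/conf/defaults.py repeats the literal `'policy.yaml'` that panko/api/rbac.py already names `DEFAULT_POLICY_FILE` in this same commit, so the default seen by the config generator and the default applied at API import time can drift apart. Since this value selects the authorization policy file, keep one definition: declare `DEFAULT_POLICY_FILE = 'policy.yaml'` in this module, call `policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)` here, and have rbac.py import the constant from here. The docstring's second sentence would also read more clearly as `For example, oslo library config options.`. `set_cors_middleware_defaults()` begins on the last line of the hunk and its body is outside it.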
diff --git a/requirements.txt b/requirements.txt
index e994859b..5922d660 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,7 +7,7 @@ tenacity>=3.1.0 # Apache-2.0
 keystonemiddleware>=5.1.0 # Apache-2.0
 lxml>=2.3 # BSD
 oslo.db>=4.1.0 # Apache-2.0
-oslo.config>=3.9.0 # Apache-2.0
+oslo.config>=6.8.0 # Apache-2.0
 oslo.context>=2.22.0 # Apache-2.0
 oslo.i18n>=2.1.0 # Apache-2.0
 oslo.log>=4.3.0 # Apache-2.0
@@ -20,7 +20,7 @@ pecan>=1.0.0 # BSD
 oslo.middleware>=3.10.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0
 oslo.utils>=3.5.0 # Apache-2.0
-PyYAML>=3.1.0 # MIT
+PyYAML>=5.1.0 # MIT
 SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
 stevedore>=1.9.0 # Apache-2.0
 WebOb>=1.2.3 # MIT
diff --git a/setup.cfg b/setup.cfg
index 22cdcf6b..5fb11b51 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -53,7 +53,7 @@ oslo.policy.policies = panko = panko.policies:list_policies oslo.config.opts.defaults = - panko = panko.conf.defaults:set_cors_middleware_defaults + panko = panko.conf.defaults:set_lib_defaults [extract_messages] keywords = _ gettext ngettext l_ lazy_gettext