Merge "[goal] Deprecate the JSON formatted policy file"
This commit is contained in:
commit
053b147b48
@ -2,6 +2,15 @@
|
|||||||
Panko Sample Policy
|
Panko Sample Policy
|
||||||
===================
|
===================
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
JSON formatted policy file is deprecated since Panko 10.0.0 (Wallaby).
|
||||||
|
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||||
|
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||||
|
|
||||||
|
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||||
|
|
||||||
|
|
||||||
The following is a sample panko policy file that has been auto-generated
|
The following is a sample panko policy file that has been auto-generated
|
||||||
from default policy values in code. If you're using the default policies, then
|
from default policy values in code. If you're using the default policies, then
|
||||||
the maintenance of this file is not necessary, and it should not be copied into
|
the maintenance of this file is not necessary, and it should not be copied into
|
||||||
|
@ -16,6 +16,8 @@
|
|||||||
|
|
||||||
"""Access Control Lists (ACL's) control access the API server."""
|
"""Access Control Lists (ACL's) control access the API server."""
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
|
from oslo_policy import opts
|
||||||
from oslo_policy import policy
|
from oslo_policy import policy
|
||||||
import pecan
|
import pecan
|
||||||
|
|
||||||
@ -23,6 +25,12 @@ from panko import policies
|
|||||||
|
|
||||||
_ENFORCER = None
|
_ENFORCER = None
|
||||||
|
|
||||||
|
# TODO(gmann): Remove setting the default value of config policy_file
|
||||||
|
# once oslo_policy change the default value to 'policy.yaml'.
|
||||||
|
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||||
|
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||||
|
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
|
||||||
|
|
||||||
|
|
||||||
def init():
|
def init():
|
||||||
global _ENFORCER
|
global _ENFORCER
|
||||||
|
@ -12,7 +12,23 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from oslo_config import cfg
|
||||||
from oslo_middleware import cors
|
from oslo_middleware import cors
|
||||||
|
from oslo_policy import opts as policy_opts
|
||||||
|
|
||||||
|
|
||||||
|
def set_lib_defaults():
|
||||||
|
"""Update default value for configuration options from other namespace.
|
||||||
|
|
||||||
|
Example, oslo lib config options. This is needed for
|
||||||
|
config generator tool to pick these default value changes.
|
||||||
|
https://docs.openstack.org/oslo.config/latest/cli/
|
||||||
|
generator.html#modifying-defaults-from-other-namespaces
|
||||||
|
"""
|
||||||
|
set_cors_middleware_defaults()
|
||||||
|
|
||||||
|
# Update default value of oslo.policy policy_file config option.
|
||||||
|
policy_opts.set_defaults(cfg.CONF, 'policy.yaml')
|
||||||
|
|
||||||
|
|
||||||
def set_cors_middleware_defaults():
|
def set_cors_middleware_defaults():
|
||||||
|
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The default value of ``[oslo_policy] policy_file`` config option has
|
||||||
|
been changed from ``policy.json`` to ``policy.yaml``.
|
||||||
|
Operators who are utilizing customized or previously generated
|
||||||
|
static policy JSON files (which are not needed by default), should
|
||||||
|
generate new policy files or convert them in YAML format. Use the
|
||||||
|
`oslopolicy-convert-json-to-yaml
|
||||||
|
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
|
||||||
|
tool to convert a JSON to YAML formatted policy file in
|
||||||
|
backward compatible way.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Use of JSON policy files was deprecated by the ``oslo.policy`` library
|
||||||
|
during the Victoria development cycle. As a result, this deprecation is
|
||||||
|
being noted in the Wallaby cycle with an anticipated future removal of support
|
||||||
|
by ``oslo.policy``. As such operators will need to convert to YAML policy
|
||||||
|
files. Please see the upgrade notes for details on migration of any
|
||||||
|
custom policy files.
|
@ -7,7 +7,7 @@ tenacity>=3.1.0 # Apache-2.0
|
|||||||
keystonemiddleware>=5.1.0 # Apache-2.0
|
keystonemiddleware>=5.1.0 # Apache-2.0
|
||||||
lxml>=2.3 # BSD
|
lxml>=2.3 # BSD
|
||||||
oslo.db>=4.1.0 # Apache-2.0
|
oslo.db>=4.1.0 # Apache-2.0
|
||||||
oslo.config>=3.9.0 # Apache-2.0
|
oslo.config>=6.8.0 # Apache-2.0
|
||||||
oslo.context>=2.22.0 # Apache-2.0
|
oslo.context>=2.22.0 # Apache-2.0
|
||||||
oslo.i18n>=2.1.0 # Apache-2.0
|
oslo.i18n>=2.1.0 # Apache-2.0
|
||||||
oslo.log>=4.3.0 # Apache-2.0
|
oslo.log>=4.3.0 # Apache-2.0
|
||||||
@ -20,7 +20,7 @@ pecan>=1.0.0 # BSD
|
|||||||
oslo.middleware>=3.10.0 # Apache-2.0
|
oslo.middleware>=3.10.0 # Apache-2.0
|
||||||
oslo.serialization>=2.25.0 # Apache-2.0
|
oslo.serialization>=2.25.0 # Apache-2.0
|
||||||
oslo.utils>=3.5.0 # Apache-2.0
|
oslo.utils>=3.5.0 # Apache-2.0
|
||||||
PyYAML>=3.1.0 # MIT
|
PyYAML>=5.1.0 # MIT
|
||||||
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
|
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
|
||||||
stevedore>=1.9.0 # Apache-2.0
|
stevedore>=1.9.0 # Apache-2.0
|
||||||
WebOb>=1.2.3 # MIT
|
WebOb>=1.2.3 # MIT
|
||||||
|
Loading…
Reference in New Issue
Block a user