Remove leftovers of retirement

Change-Id: I5acab95813ac3d0604f73c377bf111f423a008bc
2021-07-09 10:57:45 +02:00
parent ca45bbdca0
commit 92be85c4ca
7 changed files with 1 additions and 305 deletions
--- a/README.rst
+++ b/README.rst
@@ -3,7 +3,7 @@ This project is no longer maintained.
 The contents of this repository are still available in the Git source
 code management system. To see the contents of this repository before
 it reached its end of life, please check out the previous commit with
-"git checkout HEAD^1".
+"git checkout HEAD^2".
 For any further questions, please email
 openstack-discuss@lists.openstack.org or join
--- a/doc/source/configuration/sample_policy.rst
+++ b/doc/source/configuration/sample_policy.rst
@@ -1,25 +0,0 @@
 ===================
 Panko Sample Policy
 ===================
 .. warning::
   JSON formatted policy file is deprecated since Panko 10.0.0 (Wallaby).
   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
   JSON-formatted policy file to YAML in a backward-compatible way.
 .. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
 The following is a sample panko policy file that has been auto-generated
 from default policy values in code. If you're using the default policies, then
 the maintenance of this file is not necessary, and it should not be copied into
 a deployment. Doing so will result in duplicate policy definitions. It is here
 to help explain which policy operations protect specific panko APIs, but it
 is not suggested to copy and paste into a deployment unless you're planning on
 providing a different policy for an operation that is not the default.
 The sample policy file can also be viewed in
 :download:`file form <../_static/panko.policy.yaml.sample>`.
 .. literalinclude:: ../_static/panko.policy.yaml.sample
--- a/panko/api/rbac.py
+++ b/panko/api/rbac.py
@@ -1,116 +0,0 @@
 #
 # Copyright 2012 New Dream Network, LLC (DreamHost)
 # Copyright 2014 Hewlett-Packard Company
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 """Access Control Lists (ACL's) control access the API server."""
 from oslo_config import cfg
 from oslo_policy import opts
 from oslo_policy import policy
 import pecan
 from panko import policies
 _ENFORCER = None
 # TODO(gmann): Remove setting the default value of config policy_file
 # once oslo_policy change the default value to 'policy.yaml'.
 # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
 DEFAULT_POLICY_FILE = 'policy.yaml'
 opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
 def init():
    global _ENFORCER
    if not _ENFORCER:
        _ENFORCER = policy.Enforcer(pecan.request.cfg)
        _ENFORCER.load_rules()
        _ENFORCER.register_defaults(policies.list_policies())
 def reset():
    global _ENFORCER
    if _ENFORCER:
        _ENFORCER.clear()
        _ENFORCER = None
 def _has_rule(name):
    return name in _ENFORCER.rules.keys()
 def enforce(policy_name, request):
    """Return the user and project the request should be limited to.
    :param request: HTTP request
    :param policy_name: the policy name to validate authz against.
    """
    init()
    rule_method = "telemetry:" + policy_name
    headers = request.headers
    policy_dict = dict()
    policy_dict['roles'] = headers.get('X-Roles', "").split(",")
    policy_dict['user_id'] = (headers.get('X-User-Id'))
    policy_dict['project_id'] = (headers.get('X-Project-Id'))
    # maintain backward compat with Juno and previous by allowing the action if
    # there is no rule defined for it
    if ((_has_rule('default') or _has_rule(rule_method)) and
            not _ENFORCER.enforce(rule_method, {}, policy_dict)):
        pecan.core.abort(status_code=403, detail='RBAC Authorization Failed')
 # TODO(fabiog): these methods are still used because the scoping part is really
 # convoluted and difficult to separate out.
 def get_limited_to(headers):
    """Return the user and project the request should be limited to.
    :param headers: HTTP headers dictionary
    :return: A tuple of (user, project), set to None if there's no limit on
             one of these.
    """
    init()
    policy_dict = dict()
    policy_dict['roles'] = headers.get('X-Roles', "").split(",")
    policy_dict['user_id'] = (headers.get('X-User-Id'))
    policy_dict['project_id'] = (headers.get('X-Project-Id'))
    # maintain backward compat with Juno and previous by using context_is_admin
    # rule if the segregation rule (added in Kilo) is not defined
    rule_name = 'segregation' if _has_rule(
        'segregation') else 'context_is_admin'
    if not _ENFORCER.enforce(rule_name,
                             {},
                             policy_dict):
        return headers.get('X-User-Id'), headers.get('X-Project-Id')
    return None, None
 def get_limited_to_project(headers):
    """Return the project the request should be limited to.
    :param headers: HTTP headers dictionary
    :return: A project, or None if there's no limit on it.
    """
    return get_limited_to(headers)[1]
--- a/panko/conf/defaults.py
+++ b/panko/conf/defaults.py
@@ -1,53 +0,0 @@
 # Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 from oslo_config import cfg
 from oslo_middleware import cors
 from oslo_policy import opts as policy_opts
 def set_lib_defaults():
    """Update default value for configuration options from other namespace.
    Example, oslo lib config options. This is needed for
    config generator tool to pick these default value changes.
    https://docs.openstack.org/oslo.config/latest/cli/
    generator.html#modifying-defaults-from-other-namespaces
    """
    set_cors_middleware_defaults()
    # Update default value of oslo.policy policy_file config option.
    policy_opts.set_defaults(cfg.CONF, 'policy.yaml')
 def set_cors_middleware_defaults():
    """Update default configuration options for oslo.middleware."""
    cors.set_defaults(
        allow_headers=['X-Auth-Token',
                       'X-Identity-Status',
                       'X-Roles',
                       'X-Service-Catalog',
                       'X-User-Id',
                       'X-Tenant-Id',
                       'X-Openstack-Request-Id'],
        expose_headers=['X-Auth-Token',
                        'X-Subject-Token',
                        'X-Service-Token',
                        'X-Openstack-Request-Id'],
        allow_methods=['GET',
                       'PUT',
                       'POST',
                       'DELETE',
                       'PATCH']
    )
--- a/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml
+++ b/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml
@@ -1,20 +0,0 @@
 ---
 upgrade:
  - |
    The default value of ``[oslo_policy] policy_file`` config option has
    been changed from ``policy.json`` to ``policy.yaml``.
    Operators who are utilizing customized or previously generated
    static policy JSON files (which are not needed by default), should
    generate new policy files or convert them in YAML format. Use the
    `oslopolicy-convert-json-to-yaml
    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
    tool to convert a JSON to YAML formatted policy file in
    backward compatible way.
 deprecations:
  - |
    Use of JSON policy files was deprecated by the ``oslo.policy`` library
    during the Victoria development cycle. As a result, this deprecation is
    being noted in the Wallaby cycle with an anticipated future removal of support
    by ``oslo.policy``. As such operators will need to convert to YAML policy
    files. Please see the upgrade notes for details on migration of any
    custom policy files.
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,33 +0,0 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 debtcollector>=1.2.0  # Apache-2.0
 tenacity>=3.1.0 # Apache-2.0
 keystonemiddleware>=5.1.0 # Apache-2.0
 lxml>=2.3 # BSD
 oslo.db>=4.1.0 # Apache-2.0
 oslo.config>=6.8.0 # Apache-2.0
 oslo.context>=2.22.0 # Apache-2.0
 oslo.i18n>=2.1.0 # Apache-2.0
 oslo.log>=4.3.0 # Apache-2.0
 oslo.policy>=3.6.0 # Apache-2.0
 oslo.reports>=0.6.0 # Apache-2.0
 Paste
 PasteDeploy>=1.5.0 # MIT
 pbr>=2.0.0 # Apache-2.0
 pecan>=1.0.0 # BSD
 oslo.middleware>=3.10.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0
 oslo.utils>=3.5.0 # Apache-2.0
 PyYAML>=5.1.0 # MIT
 SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
 stevedore>=1.9.0 # Apache-2.0
 WebOb>=1.2.3 # MIT
 WSME>=0.8 # MIT
 alembic>=0.7.6,!=0.8.1,!=0.9.0
 # NOTE(jd) We do not import it directly, but WSME datetime string parsing
 # behaviour changes when this library is installed
 python-dateutil>=2.4.2 # BSD
 pymongo!=3.1  # Apache-2.0
 elasticsearch<3.0.0  # Apache-2.0
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,57 +0,0 @@
 [metadata]
 name = panko
 summary = Event storage publisher and API for Ceilometer
 description_file =
    README.rst
 author = OpenStack
 author_email = openstack-dev@lists.openstack.org
 home_page = https://docs.openstack.org/panko/latest/
 python_requires = >=3.6
 classifier =
    Environment :: OpenStack
    Intended Audience :: Information Technology
    Intended Audience :: System Administrators
    License :: OSI Approved :: Apache Software License
    Operating System :: POSIX :: Linux
    Programming Language :: Python
    Programming Language :: Python :: Implementation :: CPython
    Programming Language :: Python :: 3 :: Only
    Programming Language :: Python :: 3
    Programming Language :: Python :: 3.6
    Programming Language :: Python :: 3.7
    Programming Language :: Python :: 3.8
    Topic :: System :: Monitoring
 [files]
 packages =
    panko
 [entry_points]
 panko.storage =
    es = panko.storage.impl_elasticsearch:Connection
    log = panko.storage.impl_log:Connection
    mongodb = panko.storage.impl_mongodb:Connection
    mysql = panko.storage.impl_sqlalchemy:Connection
    postgresql = panko.storage.impl_sqlalchemy:Connection
    sqlite = panko.storage.impl_sqlalchemy:Connection
    hbase = panko.storage.impl_hbase:Connection
 console_scripts =
    panko-dbsync = panko.cmd.storage:dbsync
    panko-expirer = panko.cmd.storage:expirer
 wsgi_scripts =
    panko-api = panko.api.app:build_wsgi_app
 ceilometer.event.publisher =
    panko = panko.publisher.database:DatabasePublisher
 oslo.config.opts =
    panko = panko.opts:list_opts
 oslo.policy.policies =
    panko = panko.policies:list_policies
 oslo.config.opts.defaults =
    panko = panko.conf.defaults:set_lib_defaults