Remove deprecated custom policy file options

This PS removes deprecated custom policy file options, including:

  * cinder_policy_file
  * glance_policy_file
  * keystone_policy_file
  * neutron_policy_file
  * nova_policy_file

Specifying the location of a custom policy file should instead be
done by setting ``[patrole] custom_policy_files`` instead, as it
works with any service name.

Change-Id: I7d5cfa8d3cbd8a3818553ea1066005f9315f100c
This commit is contained in:
Felipe Monteiro 2017-11-01 01:57:49 +00:00
parent 322ca259b9
commit bbd6a3ca59
3 changed files with 14 additions and 43 deletions

View File

@ -46,46 +46,6 @@ assumes Patrole is on the same host as the policy files. The paths should be
ordered by precedence, with high-priority paths before low-priority paths. The
first path that is found to contain the service's policy file will be used.
"""),
cfg.StrOpt('cinder_policy_file',
default='/etc/cinder/policy.json',
help="""Location of the Cinder policy file. Assumed to be on
the same host as Patrole.""",
deprecated_group='rbac',
deprecated_for_removal=True,
deprecated_reason="It is better to use `custom_policy_files` "
"which supports any OpenStack service."),
cfg.StrOpt('glance_policy_file',
default='/etc/glance/policy.json',
help="""Location of the Glance policy file. Assumed to be on
the same host as Patrole.""",
deprecated_group='rbac',
deprecated_for_removal=True,
deprecated_reason="It is better to use `custom_policy_files` "
"which supports any OpenStack service."),
cfg.StrOpt('keystone_policy_file',
default='/etc/keystone/policy.json',
help="""Location of the custom Keystone policy file. Assumed to
be on the same host as Patrole.""",
deprecated_group='rbac',
deprecated_for_removal=True,
deprecated_reason="It is better to use `custom_policy_files` "
"which supports any OpenStack service."),
cfg.StrOpt('neutron_policy_file',
default='/etc/neutron/policy.json',
help="""Location of the Neutron policy file. Assumed to be on
the same host as Patrole.""",
deprecated_group='rbac',
deprecated_for_removal=True,
deprecated_reason="It is better to use `custom_policy_files` "
"which supports any OpenStack service."),
cfg.StrOpt('nova_policy_file',
default='/etc/nova/policy.json',
help="""Location of the custom Nova policy file. Assumed to be
on the same host as Patrole.""",
deprecated_group='rbac',
deprecated_for_removal=True,
deprecated_reason="It is better to use `custom_policy_files` "
"which supports any OpenStack service."),
cfg.BoolOpt('test_custom_requirements',
default=False,
deprecated_group='rbac',

View File

@ -107,12 +107,10 @@ class PolicyAuthority(RbacAuthority):
# Prioritize dynamically searching for policy files over relying on
# deprecated service-specific policy file locations.
self.path = None
if CONF.patrole.custom_policy_files:
self.discover_policy_files()
self.path = self.policy_files.get(service)
else:
self.path = getattr(CONF.patrole, '%s_policy_file' % str(service),
None)
self.rules = policy.Rules.load(self._get_policy_data(service),
'default')

View File

@ -0,0 +1,13 @@
---
deprecations:
- |
Removed the following deprecated Patrole configuration options:
* cinder_policy_file
* glance_policy_file
* keystone_policy_file
* neutron_policy_file
* nova_policy_file
To specify the location of a custom policy file, use
``[patrole] custom_policy_files`` instead.