Remove deprecated custom policy file options
This PS removes deprecated custom policy file options, including: * cinder_policy_file * glance_policy_file * keystone_policy_file * neutron_policy_file * nova_policy_file Specifying the location of a custom policy file should instead be done by setting ``[patrole] custom_policy_files`` instead, as it works with any service name. Change-Id: I7d5cfa8d3cbd8a3818553ea1066005f9315f100c
This commit is contained in:
parent
322ca259b9
commit
bbd6a3ca59
|
@ -46,46 +46,6 @@ assumes Patrole is on the same host as the policy files. The paths should be
|
|||
ordered by precedence, with high-priority paths before low-priority paths. The
|
||||
first path that is found to contain the service's policy file will be used.
|
||||
"""),
|
||||
cfg.StrOpt('cinder_policy_file',
|
||||
default='/etc/cinder/policy.json',
|
||||
help="""Location of the Cinder policy file. Assumed to be on
|
||||
the same host as Patrole.""",
|
||||
deprecated_group='rbac',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="It is better to use `custom_policy_files` "
|
||||
"which supports any OpenStack service."),
|
||||
cfg.StrOpt('glance_policy_file',
|
||||
default='/etc/glance/policy.json',
|
||||
help="""Location of the Glance policy file. Assumed to be on
|
||||
the same host as Patrole.""",
|
||||
deprecated_group='rbac',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="It is better to use `custom_policy_files` "
|
||||
"which supports any OpenStack service."),
|
||||
cfg.StrOpt('keystone_policy_file',
|
||||
default='/etc/keystone/policy.json',
|
||||
help="""Location of the custom Keystone policy file. Assumed to
|
||||
be on the same host as Patrole.""",
|
||||
deprecated_group='rbac',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="It is better to use `custom_policy_files` "
|
||||
"which supports any OpenStack service."),
|
||||
cfg.StrOpt('neutron_policy_file',
|
||||
default='/etc/neutron/policy.json',
|
||||
help="""Location of the Neutron policy file. Assumed to be on
|
||||
the same host as Patrole.""",
|
||||
deprecated_group='rbac',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="It is better to use `custom_policy_files` "
|
||||
"which supports any OpenStack service."),
|
||||
cfg.StrOpt('nova_policy_file',
|
||||
default='/etc/nova/policy.json',
|
||||
help="""Location of the custom Nova policy file. Assumed to be
|
||||
on the same host as Patrole.""",
|
||||
deprecated_group='rbac',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="It is better to use `custom_policy_files` "
|
||||
"which supports any OpenStack service."),
|
||||
cfg.BoolOpt('test_custom_requirements',
|
||||
default=False,
|
||||
deprecated_group='rbac',
|
||||
|
|
|
@ -107,12 +107,10 @@ class PolicyAuthority(RbacAuthority):
|
|||
|
||||
# Prioritize dynamically searching for policy files over relying on
|
||||
# deprecated service-specific policy file locations.
|
||||
self.path = None
|
||||
if CONF.patrole.custom_policy_files:
|
||||
self.discover_policy_files()
|
||||
self.path = self.policy_files.get(service)
|
||||
else:
|
||||
self.path = getattr(CONF.patrole, '%s_policy_file' % str(service),
|
||||
None)
|
||||
|
||||
self.rules = policy.Rules.load(self._get_policy_data(service),
|
||||
'default')
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
Removed the following deprecated Patrole configuration options:
|
||||
|
||||
* cinder_policy_file
|
||||
* glance_policy_file
|
||||
* keystone_policy_file
|
||||
* neutron_policy_file
|
||||
* nova_policy_file
|
||||
|
||||
To specify the location of a custom policy file, use
|
||||
``[patrole] custom_policy_files`` instead.
|
Loading…
Reference in New Issue