From bbd6a3ca5951939bf891964914535563f83f77e6 Mon Sep 17 00:00:00 2001
From: Felipe Monteiro <felipe.monteiro@att.com>
Date: Wed, 1 Nov 2017 01:57:49 +0000
Subject: [PATCH] Remove deprecated custom policy file options

This PS removes deprecated custom policy file options, including:

  * cinder_policy_file
  * glance_policy_file
  * keystone_policy_file
  * neutron_policy_file
  * nova_policy_file

Specifying the location of a custom policy file should instead be
done by setting ``[patrole] custom_policy_files`` instead, as it
works with any service name.

Change-Id: I7d5cfa8d3cbd8a3818553ea1066005f9315f100c
---
 patrole_tempest_plugin/config.py              | 40 -------------------
 patrole_tempest_plugin/policy_authority.py    |  4 +-
 ...e-named-policy-files-134f3045502e9ce9.yaml | 13 ++++++
 3 files changed, 14 insertions(+), 43 deletions(-)
 create mode 100644 releasenotes/notes/remove-named-policy-files-134f3045502e9ce9.yaml

diff --git a/patrole_tempest_plugin/config.py b/patrole_tempest_plugin/config.py
index 200da851..d309d605 100644
--- a/patrole_tempest_plugin/config.py
+++ b/patrole_tempest_plugin/config.py
@@ -46,46 +46,6 @@ assumes Patrole is on the same host as the policy files. The paths should be
 ordered by precedence, with high-priority paths before low-priority paths. The
 first path that is found to contain the service's policy file will be used.
 """),
-    cfg.StrOpt('cinder_policy_file',
-               default='/etc/cinder/policy.json',
-               help="""Location of the Cinder policy file. Assumed to be on
-the same host as Patrole.""",
-               deprecated_group='rbac',
-               deprecated_for_removal=True,
-               deprecated_reason="It is better to use `custom_policy_files` "
-                                 "which supports any OpenStack service."),
-    cfg.StrOpt('glance_policy_file',
-               default='/etc/glance/policy.json',
-               help="""Location of the Glance policy file. Assumed to be on
-the same host as Patrole.""",
-               deprecated_group='rbac',
-               deprecated_for_removal=True,
-               deprecated_reason="It is better to use `custom_policy_files` "
-                                 "which supports any OpenStack service."),
-    cfg.StrOpt('keystone_policy_file',
-               default='/etc/keystone/policy.json',
-               help="""Location of the custom Keystone policy file. Assumed to
-be on the same host as Patrole.""",
-               deprecated_group='rbac',
-               deprecated_for_removal=True,
-               deprecated_reason="It is better to use `custom_policy_files` "
-                                 "which supports any OpenStack service."),
-    cfg.StrOpt('neutron_policy_file',
-               default='/etc/neutron/policy.json',
-               help="""Location of the Neutron policy file. Assumed to be on
-the same host as Patrole.""",
-               deprecated_group='rbac',
-               deprecated_for_removal=True,
-               deprecated_reason="It is better to use `custom_policy_files` "
-                                 "which supports any OpenStack service."),
-    cfg.StrOpt('nova_policy_file',
-               default='/etc/nova/policy.json',
-               help="""Location of the custom Nova policy file. Assumed to be
-on the same host as Patrole.""",
-               deprecated_group='rbac',
-               deprecated_for_removal=True,
-               deprecated_reason="It is better to use `custom_policy_files` "
-                                 "which supports any OpenStack service."),
     cfg.BoolOpt('test_custom_requirements',
                 default=False,
                 deprecated_group='rbac',
diff --git a/patrole_tempest_plugin/policy_authority.py b/patrole_tempest_plugin/policy_authority.py
index 0a1aa133..3f4236bd 100644
--- a/patrole_tempest_plugin/policy_authority.py
+++ b/patrole_tempest_plugin/policy_authority.py
@@ -107,12 +107,10 @@ class PolicyAuthority(RbacAuthority):
 
         # Prioritize dynamically searching for policy files over relying on
         # deprecated service-specific policy file locations.
+        self.path = None
         if CONF.patrole.custom_policy_files:
             self.discover_policy_files()
             self.path = self.policy_files.get(service)
-        else:
-            self.path = getattr(CONF.patrole, '%s_policy_file' % str(service),
-                                None)
 
         self.rules = policy.Rules.load(self._get_policy_data(service),
                                        'default')
diff --git a/releasenotes/notes/remove-named-policy-files-134f3045502e9ce9.yaml b/releasenotes/notes/remove-named-policy-files-134f3045502e9ce9.yaml
new file mode 100644
index 00000000..00245d7a
--- /dev/null
+++ b/releasenotes/notes/remove-named-policy-files-134f3045502e9ce9.yaml
@@ -0,0 +1,13 @@
+---
+deprecations:
+  - |
+    Removed the following deprecated Patrole configuration options:
+
+        * cinder_policy_file
+        * glance_policy_file
+        * keystone_policy_file
+        * neutron_policy_file
+        * nova_policy_file
+
+    To specify the location of a custom policy file, use
+    ``[patrole] custom_policy_files`` instead.