Use yaml instead of json for policy file

Because usage of json for policy file will be deprecated and replaced by yaml[1]. [1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Currently stable version of Gnocchi (either 4.3 or 4.4) doesn't have policy rules implemented in code and provides its default policy rules written in json format. Thus we explicitly need to convert the json file to a yaml file so that Gnochi services can read the default rules. Depends-on: https://review.opendev.org/769647 Change-Id: Iba79229c293aae0718812e6520b2cddaa25066dc
2020-12-29 16:03:52 +09:00 · 2020-12-29 16:03:52 +09:00 · c5484cf9ee
parent 2439d4c0ca
commit c5484cf9ee
3 changed files with 29 additions and 12 deletions
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@ -20,12 +20,12 @@
 #   Defaults to empty hash.
 #
 # [*policy_path*]
-#   (Optional) Path to the nova policy.json file
-#   Defaults to /etc/gnocchi/policy.json
+#   (Optional) Path to the nova policy.yaml file
+#   Defaults to /etc/gnocchi/policy.yaml
 #
 class gnocchi::policy (
  $policies    = {},
-  $policy_path = '/etc/gnocchi/policy.json',
+  $policy_path = '/etc/gnocchi/policy.yaml',
 ) {

  include gnocchi::deps
@ -33,10 +33,22 @@ class gnocchi::policy (

  validate_legacy(Hash, 'validate_hash', $policies)

+  # TODO(tkajinam): Remove this once version with policy-in-code implementation
+  #                 is released.
+  exec { 'gnocci-oslopolicy-convert-json-to-yaml':
+    command => "oslopolicy-convert-json-to-yaml --namespace gnocchi --policy-file /etc/gnocchi/policy.json --output-file ${policy_path}",
+    unless  => "test -f ${policy_path}",
+    path    => ['/bin','/usr/bin','/usr/local/bin'],
+    require => Anchor['gnocchi::install::end'],
+  }
+  Exec<| title == 'gnocchi-oslopolicy-convert-json-to-yaml' |>
+  -> File<| title == $policy_path |>
+
  Openstacklib::Policy::Base {
-    file_path  => $policy_path,
-    file_user  => 'root',
-    file_group => $::gnocchi::params::group,
+    file_path   => $policy_path,
+    file_user   => 'root',
+    file_group  => $::gnocchi::params::group,
+    file_format => 'yaml',
  }

  create_resources('openstacklib::policy::base', $policies)
--- a/releasenotes/notes/migrate-policy-format-from-json-to-yaml-790e4f7ef2d7e68c.yaml
+++ b/releasenotes/notes/migrate-policy-format-from-json-to-yaml-790e4f7ef2d7e68c.yaml
@ -0,0 +1,4 @@
+---
+upgrade:
+  - |
+    Now policy.yaml is used by default instead of policy.json.
--- a/spec/classes/gnocchi_policy_spec.rb
+++ b/spec/classes/gnocchi_policy_spec.rb
@ -5,7 +5,7 @@ describe 'gnocchi::policy' do
  shared_examples_for 'gnocchi policies' do
    let :params do
      {
-        :policy_path => '/etc/gnocchi/policy.json',
+        :policy_path => '/etc/gnocchi/policy.yaml',
        :policies    => {
          'context_is_admin' => {
            'key'   => 'context_is_admin',
@ -17,13 +17,14 @@ describe 'gnocchi::policy' do

    it 'set up the policies' do
      is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
-        :key        => 'context_is_admin',
-        :value      => 'foo:bar',
-        :file_user  => 'root',
-        :file_group => 'gnocchi',
+        :key         => 'context_is_admin',
+        :value       => 'foo:bar',
+        :file_user   => 'root',
+        :file_group  => 'gnocchi',
+        :file_format => 'yaml',
      })
      is_expected.to contain_oslo__policy('gnocchi_config').with(
-        :policy_file => '/etc/gnocchi/policy.json',
+        :policy_file => '/etc/gnocchi/policy.yaml',
      )
    end
  end