[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc and tests. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I9028875399b54ab961ae46ca13f9cf6e6fc7ad89
2020-12-23 18:57:22 -06:00 · 2020-12-23 18:57:22 -06:00 · b5edbcbb6e
parent 5238a34c7d
commit b5edbcbb6e
8 changed files with 66 additions and 14 deletions
--- a/doc/source/configuration/policy.rst
+++ b/doc/source/configuration/policy.rst
@ -16,6 +16,14 @@
 Senlin Sample Policy Configuration File
 =======================================
 .. warning::
   JSON formatted policy file is deprecated since Senlin 11.0.0 (Wallaby).
   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
   JSON-formatted policy file to YAML in a backward-compatible way.
 .. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
 The following is an overview of all available access policies in Senlin.
 For a sample configuration file, refer to :doc:`sample-policy-yaml`.
--- a/doc/source/configuration/sample-policy-yaml.rst
+++ b/doc/source/configuration/sample-policy-yaml.rst
@ -16,7 +16,15 @@
 policy.yaml
 ===========
 .. warning::
   JSON formatted policy file is deprecated since Senlin 11.0.0 (Wallaby).
   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
   JSON-formatted policy file to YAML in a backward-compatible way.
 .. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
 Use the ``policy.yaml`` file to define additional access controls that will be
 applied to Senlin:
-.. literalinclude:: ../_static/senlin.policy.yaml.sample
+.. literalinclude:: ../_static/senlin.policy.yaml.sample
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -57,19 +57,19 @@ os-client-config==1.29.0
 os-service-types==1.7.0
 oslo.cache==1.29.0
 oslo.concurrency==3.26.0
-oslo.config==5.2.0
+oslo.config==6.8.0
 oslo.context==2.22.0
 oslo.db==6.0.0
 oslo.i18n==3.20.0
 oslo.log==3.36.0
 oslo.messaging==5.29.0
 oslo.middleware==3.31.0
-oslo.policy==1.30.0
+oslo.policy==3.6.0
 oslo.reports==1.18.0
 oslo.serialization==2.25.0
 oslo.service==1.31.0
-oslo.upgradecheck==0.1.0
+oslo.upgradecheck==1.3.0
-oslo.utils==3.37.0
+oslo.utils==4.5.0
 oslo.versionedobjects==1.31.2
 oslotest==3.3.0
 osprofiler==2.3.0
@ -97,11 +97,11 @@ python-keystoneclient==3.15.0
 python-mimeparse==1.6.0
 python-subunit==1.2.0
 pytz==2015.7
-PyYAML==3.13
+PyYAML==5.1
 repoze.lru==0.7
-requests==2.14.2
+requests==2.20.0
 requestsexceptions==1.4.0
-rfc3986==1.1.0
+rfc3986==1.2.0
 Routes==2.3.1
 smmap2==2.0.3
 sqlalchemy-migrate==0.13.0
--- a/releasenotes/notes/deprecate-json-formatted-policy-file-0c29555b3ea0c984.yaml
+++ b/releasenotes/notes/deprecate-json-formatted-policy-file-0c29555b3ea0c984.yaml
@ -0,0 +1,20 @@
 ---
 upgrade:
  - |
    The default value of ``[oslo_policy] policy_file`` config option has
    been changed from ``policy.json`` to ``policy.yaml``.
    Operators who are utilizing customized or previously generated
    static policy JSON files (which are not needed by default), should
    generate new policy files or convert them in YAML format. Use the
    `oslopolicy-convert-json-to-yaml
    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
    tool to convert a JSON to YAML formatted policy file in
    backward compatible way.
 deprecations:
  - |
    Use of JSON policy files was deprecated by the ``oslo.policy`` library
    during the Victoria development cycle. As a result, this deprecation is
    being noted in the Wallaby cycle with an anticipated future removal of support
    by ``oslo.policy``. As such operators will need to convert to YAML policy
    files. Please see the upgrade notes for details on migration of any
    custom policy files.
--- a/requirements.txt
+++ b/requirements.txt
@ -11,7 +11,7 @@ keystoneauth1>=3.18.0 # Apache-2.0
 keystonemiddleware>=4.17.0 # Apache-2.0
 microversion-parse>=0.2.1 # Apache-2.0
 openstacksdk>=0.42.0 # Apache-2.0
-oslo.config>=5.2.0 # Apache-2.0
+oslo.config>=6.8.0 # Apache-2.0
 oslo.context>=2.22.0 # Apache-2.0
 oslo.db>=6.0.0 # Apache-2.0
 oslo.i18n>=3.20.0 # Apache-2.0
@ -19,17 +19,17 @@ oslo.log>=3.36.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
 oslo.messaging>=5.29.0 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
-oslo.policy>=1.30.0 # Apache-2.0
+oslo.policy>=3.6.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0
 oslo.service>=1.31.0 # Apache-2.0
-oslo.upgradecheck>=0.1.0 # Apache-2.0
+oslo.upgradecheck>=1.3.0 # Apache-2.0
-oslo.utils>=3.37.0 # Apache-2.0
+oslo.utils>=4.5.0 # Apache-2.0
 oslo.versionedobjects>=1.31.2 # Apache-2.0
 osprofiler>=2.3.0 # Apache-2.0
 PasteDeploy>=1.5.0 # MIT
 pytz>=2015.7 # MIT
-PyYAML>=3.13 # MIT
+PyYAML>=5.1 # MIT
-requests>=2.14.2 # Apache-2.0
+requests>=2.20.0 # Apache-2.0
 Routes>=2.3.1 # MIT
 SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
 sqlalchemy-migrate>=0.13.0 # Apache-2.0
--- a/senlin/cmd/status.py
+++ b/senlin/cmd/status.py
@ -15,6 +15,7 @@
 import sys
 from oslo_config import cfg
 from oslo_upgradecheck import common_checks
 from oslo_upgradecheck import upgradecheck
 from senlin.common.i18n import _
@ -71,6 +72,8 @@ class Checks(upgradecheck.UpgradeCommands):
    _upgrade_checks = (
        # In the future there should be some real checks added here
        (_('HealthPolicy'), _check_healthpolicy),
        (_('Policy File JSON to YAML Migration'),
         (common_checks.check_policy_json, {'conf': cfg.CONF})),
    )
--- a/senlin/common/config.py
+++ b/senlin/common/config.py
@ -15,6 +15,7 @@ Routines for configuring Senlin
 """
 from oslo_log import log
 from oslo_middleware import cors
 from oslo_policy import opts
 from oslo_utils import importutils
 import senlin.conf
@ -61,3 +62,8 @@ def set_config_defaults():
                       'POST',
                       'DELETE',
                       'PATCH'])
    # TODO(gmann): Remove setting the default value of config policy_file
    # once oslo_policy change the default value to 'policy.yaml'.
    # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
    opts.set_defaults(CONF, 'policy.yaml')
--- a/senlin/common/policy.py
+++ b/senlin/common/policy.py
@ -16,6 +16,7 @@ Policy Engine For Senlin
 # from oslo_concurrency import lockutils
 from oslo_config import cfg
 from oslo_policy import opts
 from oslo_policy import policy
 from senlin.common import exception
@ -24,6 +25,12 @@ from senlin.common import policies
 POLICY_ENFORCER = None
 CONF = cfg.CONF
 # TODO(gmann): Remove setting the default value of config policy_file
 # once oslo_policy change the default value to 'policy.yaml'.
 # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
 DEFAULT_POLICY_FILE = 'policy.yaml'
 opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
 # @lockutils.synchronized('policy_enforcer', 'senlin-')
 def _get_enforcer(policy_file=None, rules=None, default_rule=None):