Browse Source

Merge "[goal] Deprecate the JSON formatted policy file"

changes/97/698797/9
Zuul 5 months ago
committed by Gerrit Code Review
parent
commit
f99412750c
8 changed files with 66 additions and 14 deletions
  1. +8
    -0
      doc/source/configuration/policy.rst
  2. +9
    -1
      doc/source/configuration/sample-policy-yaml.rst
  3. +7
    -7
      lower-constraints.txt
  4. +20
    -0
      releasenotes/notes/deprecate-json-formatted-policy-file-0c29555b3ea0c984.yaml
  5. +6
    -6
      requirements.txt
  6. +3
    -0
      senlin/cmd/status.py
  7. +6
    -0
      senlin/common/config.py
  8. +7
    -0
      senlin/common/policy.py

+ 8
- 0
doc/source/configuration/policy.rst View File

@ -16,6 +16,14 @@
Senlin Sample Policy Configuration File
=======================================
.. warning::
JSON formatted policy file is deprecated since Senlin 11.0.0 (Wallaby).
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
JSON-formatted policy file to YAML in a backward-compatible way.
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
The following is an overview of all available access policies in Senlin.
For a sample configuration file, refer to :doc:`sample-policy-yaml`.


+ 9
- 1
doc/source/configuration/sample-policy-yaml.rst View File

@ -16,7 +16,15 @@
policy.yaml
===========
.. warning::
JSON formatted policy file is deprecated since Senlin 11.0.0 (Wallaby).
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
JSON-formatted policy file to YAML in a backward-compatible way.
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
Use the ``policy.yaml`` file to define additional access controls that will be
applied to Senlin:
.. literalinclude:: ../_static/senlin.policy.yaml.sample
.. literalinclude:: ../_static/senlin.policy.yaml.sample

+ 7
- 7
lower-constraints.txt View File

@ -57,19 +57,19 @@ os-client-config==1.29.0
os-service-types==1.7.0
oslo.cache==1.29.0
oslo.concurrency==3.26.0
oslo.config==5.2.0
oslo.config==6.8.0
oslo.context==2.22.0
oslo.db==6.0.0
oslo.i18n==3.20.0
oslo.log==3.36.0
oslo.messaging==5.29.0
oslo.middleware==3.31.0
oslo.policy==1.30.0
oslo.policy==3.6.0
oslo.reports==1.18.0
oslo.serialization==2.25.0
oslo.service==1.31.0
oslo.upgradecheck==0.1.0
oslo.utils==3.37.0
oslo.upgradecheck==1.3.0
oslo.utils==4.5.0
oslo.versionedobjects==1.31.2
oslotest==3.3.0
osprofiler==2.3.0
@ -97,11 +97,11 @@ python-keystoneclient==3.15.0
python-mimeparse==1.6.0
python-subunit==1.2.0
pytz==2015.7
PyYAML==3.13
PyYAML==5.1
repoze.lru==0.7
requests==2.14.2
requests==2.20.0
requestsexceptions==1.4.0
rfc3986==1.1.0
rfc3986==1.2.0
Routes==2.3.1
smmap2==2.0.3
sqlalchemy-migrate==0.13.0


+ 20
- 0
releasenotes/notes/deprecate-json-formatted-policy-file-0c29555b3ea0c984.yaml View File

@ -0,0 +1,20 @@
---
upgrade:
- |
The default value of ``[oslo_policy] policy_file`` config option has
been changed from ``policy.json`` to ``policy.yaml``.
Operators who are utilizing customized or previously generated
static policy JSON files (which are not needed by default), should
generate new policy files or convert them in YAML format. Use the
`oslopolicy-convert-json-to-yaml
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
tool to convert a JSON to YAML formatted policy file in
backward compatible way.
deprecations:
- |
Use of JSON policy files was deprecated by the ``oslo.policy`` library
during the Victoria development cycle. As a result, this deprecation is
being noted in the Wallaby cycle with an anticipated future removal of support
by ``oslo.policy``. As such operators will need to convert to YAML policy
files. Please see the upgrade notes for details on migration of any
custom policy files.

+ 6
- 6
requirements.txt View File

@ -11,7 +11,7 @@ keystoneauth1>=3.18.0 # Apache-2.0
keystonemiddleware>=4.17.0 # Apache-2.0
microversion-parse>=0.2.1 # Apache-2.0
openstacksdk>=0.42.0 # Apache-2.0
oslo.config>=5.2.0 # Apache-2.0
oslo.config>=6.8.0 # Apache-2.0
oslo.context>=2.22.0 # Apache-2.0
oslo.db>=6.0.0 # Apache-2.0
oslo.i18n>=3.20.0 # Apache-2.0
@ -19,17 +19,17 @@ oslo.log>=3.36.0 # Apache-2.0
oslo.reports>=1.18.0 # Apache-2.0
oslo.messaging>=5.29.0 # Apache-2.0
oslo.middleware>=3.31.0 # Apache-2.0
oslo.policy>=1.30.0 # Apache-2.0
oslo.policy>=3.6.0 # Apache-2.0
oslo.serialization>=2.25.0 # Apache-2.0
oslo.service>=1.31.0 # Apache-2.0
oslo.upgradecheck>=0.1.0 # Apache-2.0
oslo.utils>=3.37.0 # Apache-2.0
oslo.upgradecheck>=1.3.0 # Apache-2.0
oslo.utils>=4.5.0 # Apache-2.0
oslo.versionedobjects>=1.31.2 # Apache-2.0
osprofiler>=2.3.0 # Apache-2.0
PasteDeploy>=1.5.0 # MIT
pytz>=2015.7 # MIT
PyYAML>=3.13 # MIT
requests>=2.14.2 # Apache-2.0
PyYAML>=5.1 # MIT
requests>=2.20.0 # Apache-2.0
Routes>=2.3.1 # MIT
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
sqlalchemy-migrate>=0.13.0 # Apache-2.0


+ 3
- 0
senlin/cmd/status.py View File

@ -15,6 +15,7 @@
import sys
from oslo_config import cfg
from oslo_upgradecheck import common_checks
from oslo_upgradecheck import upgradecheck
from senlin.common.i18n import _
@ -71,6 +72,8 @@ class Checks(upgradecheck.UpgradeCommands):
_upgrade_checks = (
# In the future there should be some real checks added here
(_('HealthPolicy'), _check_healthpolicy),
(_('Policy File JSON to YAML Migration'),
(common_checks.check_policy_json, {'conf': cfg.CONF})),
)


+ 6
- 0
senlin/common/config.py View File

@ -15,6 +15,7 @@ Routines for configuring Senlin
"""
from oslo_log import log
from oslo_middleware import cors
from oslo_policy import opts
from oslo_utils import importutils
import senlin.conf
@ -61,3 +62,8 @@ def set_config_defaults():
'POST',
'DELETE',
'PATCH'])
# TODO(gmann): Remove setting the default value of config policy_file
# once oslo_policy change the default value to 'policy.yaml'.
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
opts.set_defaults(CONF, 'policy.yaml')

+ 7
- 0
senlin/common/policy.py View File

@ -16,6 +16,7 @@ Policy Engine For Senlin
# from oslo_concurrency import lockutils
from oslo_config import cfg
from oslo_policy import opts
from oslo_policy import policy
from senlin.common import exception
@ -24,6 +25,12 @@ from senlin.common import policies
POLICY_ENFORCER = None
CONF = cfg.CONF
# TODO(gmann): Remove setting the default value of config policy_file
# once oslo_policy change the default value to 'policy.yaml'.
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
DEFAULT_POLICY_FILE = 'policy.yaml'
opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
# @lockutils.synchronized('policy_enforcer', 'senlin-')
def _get_enforcer(policy_file=None, rules=None, default_rule=None):


Loading…
Cancel
Save