Merge "[goal] Deprecate the JSON formatted policy file"
This commit is contained in:
commit
f99412750c
|
@ -16,6 +16,14 @@
|
||||||
Senlin Sample Policy Configuration File
|
Senlin Sample Policy Configuration File
|
||||||
=======================================
|
=======================================
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
JSON formatted policy file is deprecated since Senlin 11.0.0 (Wallaby).
|
||||||
|
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||||
|
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||||
|
|
||||||
|
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||||
|
|
||||||
The following is an overview of all available access policies in Senlin.
|
The following is an overview of all available access policies in Senlin.
|
||||||
For a sample configuration file, refer to :doc:`sample-policy-yaml`.
|
For a sample configuration file, refer to :doc:`sample-policy-yaml`.
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,15 @@
|
||||||
policy.yaml
|
policy.yaml
|
||||||
===========
|
===========
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
JSON formatted policy file is deprecated since Senlin 11.0.0 (Wallaby).
|
||||||
|
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
|
||||||
|
JSON-formatted policy file to YAML in a backward-compatible way.
|
||||||
|
|
||||||
|
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||||
|
|
||||||
Use the ``policy.yaml`` file to define additional access controls that will be
|
Use the ``policy.yaml`` file to define additional access controls that will be
|
||||||
applied to Senlin:
|
applied to Senlin:
|
||||||
|
|
||||||
.. literalinclude:: ../_static/senlin.policy.yaml.sample
|
.. literalinclude:: ../_static/senlin.policy.yaml.sample
|
||||||
|
|
|
@ -57,19 +57,19 @@ os-client-config==1.29.0
|
||||||
os-service-types==1.7.0
|
os-service-types==1.7.0
|
||||||
oslo.cache==1.29.0
|
oslo.cache==1.29.0
|
||||||
oslo.concurrency==3.26.0
|
oslo.concurrency==3.26.0
|
||||||
oslo.config==5.2.0
|
oslo.config==6.8.0
|
||||||
oslo.context==2.22.0
|
oslo.context==2.22.0
|
||||||
oslo.db==6.0.0
|
oslo.db==6.0.0
|
||||||
oslo.i18n==3.20.0
|
oslo.i18n==3.20.0
|
||||||
oslo.log==3.36.0
|
oslo.log==3.36.0
|
||||||
oslo.messaging==5.29.0
|
oslo.messaging==5.29.0
|
||||||
oslo.middleware==3.31.0
|
oslo.middleware==3.31.0
|
||||||
oslo.policy==1.30.0
|
oslo.policy==3.6.0
|
||||||
oslo.reports==1.18.0
|
oslo.reports==1.18.0
|
||||||
oslo.serialization==2.25.0
|
oslo.serialization==2.25.0
|
||||||
oslo.service==1.31.0
|
oslo.service==1.31.0
|
||||||
oslo.upgradecheck==0.1.0
|
oslo.upgradecheck==1.3.0
|
||||||
oslo.utils==3.37.0
|
oslo.utils==4.5.0
|
||||||
oslo.versionedobjects==1.31.2
|
oslo.versionedobjects==1.31.2
|
||||||
oslotest==3.3.0
|
oslotest==3.3.0
|
||||||
osprofiler==2.3.0
|
osprofiler==2.3.0
|
||||||
|
@ -97,11 +97,11 @@ python-keystoneclient==3.15.0
|
||||||
python-mimeparse==1.6.0
|
python-mimeparse==1.6.0
|
||||||
python-subunit==1.2.0
|
python-subunit==1.2.0
|
||||||
pytz==2015.7
|
pytz==2015.7
|
||||||
PyYAML==3.13
|
PyYAML==5.1
|
||||||
repoze.lru==0.7
|
repoze.lru==0.7
|
||||||
requests==2.14.2
|
requests==2.20.0
|
||||||
requestsexceptions==1.4.0
|
requestsexceptions==1.4.0
|
||||||
rfc3986==1.1.0
|
rfc3986==1.2.0
|
||||||
Routes==2.3.1
|
Routes==2.3.1
|
||||||
smmap2==2.0.3
|
smmap2==2.0.3
|
||||||
sqlalchemy-migrate==0.13.0
|
sqlalchemy-migrate==0.13.0
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The default value of ``[oslo_policy] policy_file`` config option has
|
||||||
|
been changed from ``policy.json`` to ``policy.yaml``.
|
||||||
|
Operators who are utilizing customized or previously generated
|
||||||
|
static policy JSON files (which are not needed by default), should
|
||||||
|
generate new policy files or convert them in YAML format. Use the
|
||||||
|
`oslopolicy-convert-json-to-yaml
|
||||||
|
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
|
||||||
|
tool to convert a JSON to YAML formatted policy file in
|
||||||
|
backward compatible way.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Use of JSON policy files was deprecated by the ``oslo.policy`` library
|
||||||
|
during the Victoria development cycle. As a result, this deprecation is
|
||||||
|
being noted in the Wallaby cycle with an anticipated future removal of support
|
||||||
|
by ``oslo.policy``. As such operators will need to convert to YAML policy
|
||||||
|
files. Please see the upgrade notes for details on migration of any
|
||||||
|
custom policy files.
|
|
@ -11,7 +11,7 @@ keystoneauth1>=3.18.0 # Apache-2.0
|
||||||
keystonemiddleware>=4.17.0 # Apache-2.0
|
keystonemiddleware>=4.17.0 # Apache-2.0
|
||||||
microversion-parse>=0.2.1 # Apache-2.0
|
microversion-parse>=0.2.1 # Apache-2.0
|
||||||
openstacksdk>=0.42.0 # Apache-2.0
|
openstacksdk>=0.42.0 # Apache-2.0
|
||||||
oslo.config>=5.2.0 # Apache-2.0
|
oslo.config>=6.8.0 # Apache-2.0
|
||||||
oslo.context>=2.22.0 # Apache-2.0
|
oslo.context>=2.22.0 # Apache-2.0
|
||||||
oslo.db>=6.0.0 # Apache-2.0
|
oslo.db>=6.0.0 # Apache-2.0
|
||||||
oslo.i18n>=3.20.0 # Apache-2.0
|
oslo.i18n>=3.20.0 # Apache-2.0
|
||||||
|
@ -19,17 +19,17 @@ oslo.log>=3.36.0 # Apache-2.0
|
||||||
oslo.reports>=1.18.0 # Apache-2.0
|
oslo.reports>=1.18.0 # Apache-2.0
|
||||||
oslo.messaging>=5.29.0 # Apache-2.0
|
oslo.messaging>=5.29.0 # Apache-2.0
|
||||||
oslo.middleware>=3.31.0 # Apache-2.0
|
oslo.middleware>=3.31.0 # Apache-2.0
|
||||||
oslo.policy>=1.30.0 # Apache-2.0
|
oslo.policy>=3.6.0 # Apache-2.0
|
||||||
oslo.serialization>=2.25.0 # Apache-2.0
|
oslo.serialization>=2.25.0 # Apache-2.0
|
||||||
oslo.service>=1.31.0 # Apache-2.0
|
oslo.service>=1.31.0 # Apache-2.0
|
||||||
oslo.upgradecheck>=0.1.0 # Apache-2.0
|
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
||||||
oslo.utils>=3.37.0 # Apache-2.0
|
oslo.utils>=4.5.0 # Apache-2.0
|
||||||
oslo.versionedobjects>=1.31.2 # Apache-2.0
|
oslo.versionedobjects>=1.31.2 # Apache-2.0
|
||||||
osprofiler>=2.3.0 # Apache-2.0
|
osprofiler>=2.3.0 # Apache-2.0
|
||||||
PasteDeploy>=1.5.0 # MIT
|
PasteDeploy>=1.5.0 # MIT
|
||||||
pytz>=2015.7 # MIT
|
pytz>=2015.7 # MIT
|
||||||
PyYAML>=3.13 # MIT
|
PyYAML>=5.1 # MIT
|
||||||
requests>=2.14.2 # Apache-2.0
|
requests>=2.20.0 # Apache-2.0
|
||||||
Routes>=2.3.1 # MIT
|
Routes>=2.3.1 # MIT
|
||||||
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
|
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
|
||||||
sqlalchemy-migrate>=0.13.0 # Apache-2.0
|
sqlalchemy-migrate>=0.13.0 # Apache-2.0
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
from oslo_upgradecheck import common_checks
|
||||||
from oslo_upgradecheck import upgradecheck
|
from oslo_upgradecheck import upgradecheck
|
||||||
|
|
||||||
from senlin.common.i18n import _
|
from senlin.common.i18n import _
|
||||||
|
@ -71,6 +72,8 @@ class Checks(upgradecheck.UpgradeCommands):
|
||||||
_upgrade_checks = (
|
_upgrade_checks = (
|
||||||
# In the future there should be some real checks added here
|
# In the future there should be some real checks added here
|
||||||
(_('HealthPolicy'), _check_healthpolicy),
|
(_('HealthPolicy'), _check_healthpolicy),
|
||||||
|
(_('Policy File JSON to YAML Migration'),
|
||||||
|
(common_checks.check_policy_json, {'conf': cfg.CONF})),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ Routines for configuring Senlin
|
||||||
"""
|
"""
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
from oslo_middleware import cors
|
from oslo_middleware import cors
|
||||||
|
from oslo_policy import opts
|
||||||
from oslo_utils import importutils
|
from oslo_utils import importutils
|
||||||
|
|
||||||
import senlin.conf
|
import senlin.conf
|
||||||
|
@ -61,3 +62,8 @@ def set_config_defaults():
|
||||||
'POST',
|
'POST',
|
||||||
'DELETE',
|
'DELETE',
|
||||||
'PATCH'])
|
'PATCH'])
|
||||||
|
|
||||||
|
# TODO(gmann): Remove setting the default value of config policy_file
|
||||||
|
# once oslo_policy change the default value to 'policy.yaml'.
|
||||||
|
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||||
|
opts.set_defaults(CONF, 'policy.yaml')
|
||||||
|
|
|
@ -16,6 +16,7 @@ Policy Engine For Senlin
|
||||||
|
|
||||||
# from oslo_concurrency import lockutils
|
# from oslo_concurrency import lockutils
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
from oslo_policy import opts
|
||||||
from oslo_policy import policy
|
from oslo_policy import policy
|
||||||
|
|
||||||
from senlin.common import exception
|
from senlin.common import exception
|
||||||
|
@ -24,6 +25,12 @@ from senlin.common import policies
|
||||||
POLICY_ENFORCER = None
|
POLICY_ENFORCER = None
|
||||||
CONF = cfg.CONF
|
CONF = cfg.CONF
|
||||||
|
|
||||||
|
# TODO(gmann): Remove setting the default value of config policy_file
|
||||||
|
# once oslo_policy change the default value to 'policy.yaml'.
|
||||||
|
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||||
|
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||||
|
opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
|
||||||
|
|
||||||
|
|
||||||
# @lockutils.synchronized('policy_enforcer', 'senlin-')
|
# @lockutils.synchronized('policy_enforcer', 'senlin-')
|
||||||
def _get_enforcer(policy_file=None, rules=None, default_rule=None):
|
def _get_enforcer(policy_file=None, rules=None, default_rule=None):
|
||||||
|
|
Loading…
Reference in New Issue