diff --git a/doc/source/admin/policy.rst b/doc/source/admin/policy.rst index d32a275b8..911d42af0 100644 --- a/doc/source/admin/policy.rst +++ b/doc/source/admin/policy.rst @@ -17,6 +17,14 @@ Policies ======== +.. warning:: + + JSON formatted policy file is deprecated since Watcher 6.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + Watcher's public API calls may be restricted to certain sets of users using a policy configuration file. This document explains exactly how policies are configured and what they apply to. diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml new file mode 100644 index 000000000..c9c530004 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 46235be99..af0db6ad2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,17 +12,17 @@ croniter>=0.3.20 # MIT License os-resource-classes>=0.4.0 oslo.concurrency>=3.26.0 # Apache-2.0 oslo.cache>=1.29.0 # Apache-2.0 -oslo.config>=5.2.0 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 oslo.context>=2.21.0 # Apache-2.0 oslo.db>=4.44.0 # Apache-2.0 oslo.i18n>=3.20.0 # Apache-2.0 oslo.log>=3.37.0 # Apache-2.0 oslo.messaging>=8.1.2 # Apache-2.0 -oslo.policy>=1.34.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 oslo.reports>=1.27.0 # Apache-2.0 oslo.serialization>=2.25.0 # Apache-2.0 oslo.service>=1.30.0 # Apache-2.0 -oslo.upgradecheck>=0.1.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 oslo.utils>=3.36.0 # Apache-2.0 oslo.versionedobjects>=1.32.0 # Apache-2.0 PasteDeploy>=1.5.2 # MIT diff --git a/watcher/cmd/status.py b/watcher/cmd/status.py index 705089d78..bab78cc1d 100644 --- a/watcher/cmd/status.py +++ b/watcher/cmd/status.py @@ -14,6 +14,7 @@ import sys +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from watcher._i18n import _ @@ -43,6 +44,10 @@ class Checks(upgradecheck.UpgradeCommands): _upgrade_checks = ( # Added in Train. (_('Minimum Nova API Version'), _minimum_nova_api_version), + # Added in Wallaby. + (_("Policy File JSON to YAML Migration"), + (common_checks.check_policy_json, {'conf': CONF})), + ) diff --git a/watcher/common/policy.py b/watcher/common/policy.py index d2d12acf4..e9d8a0508 100644 --- a/watcher/common/policy.py +++ b/watcher/common/policy.py @@ -18,6 +18,7 @@ import sys from oslo_config import cfg +from oslo_policy import opts from oslo_policy import policy from watcher.common import exception @@ -26,6 +27,12 @@ from watcher.common import policies _ENFORCER = None CONF = cfg.CONF +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(CONF, DEFAULT_POLICY_FILE) + # we can get a policy enforcer by this init. # oslo policy support change policy rule dynamically. diff --git a/watcher/tests/policy_fixture.py b/watcher/tests/policy_fixture.py index 8a5b4e876..25faf89cb 100644 --- a/watcher/tests/policy_fixture.py +++ b/watcher/tests/policy_fixture.py @@ -30,7 +30,7 @@ class PolicyFixture(fixtures.Fixture): def _setUp(self): self.policy_dir = self.useFixture(fixtures.TempDir()) self.policy_file_name = os.path.join(self.policy_dir.path, - 'policy.json') + 'policy.yaml') with open(self.policy_file_name, 'w') as policy_file: policy_file.write(fake_policy.policy_data) policy_opts.set_defaults(CONF)