From 863815153e3451f2354f14e6c271233e24e84782 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Thu, 24 Dec 2020 09:58:50 -0600 Subject: [PATCH] [goal] Deprecate the JSON formatted policy file As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc and tests. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I207c02ba71fe60635fd3406c9c9364c11f259bae --- doc/source/admin/policy.rst | 8 ++++++++ ...ormatted-policy-file-3a92379e9f5dd203.yaml | 20 +++++++++++++++++++ requirements.txt | 6 +++--- watcher/cmd/status.py | 5 +++++ watcher/common/policy.py | 7 +++++++ watcher/tests/policy_fixture.py | 2 +- 6 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml diff --git a/doc/source/admin/policy.rst b/doc/source/admin/policy.rst index d32a275b8..911d42af0 100644 --- a/doc/source/admin/policy.rst +++ b/doc/source/admin/policy.rst @@ -17,6 +17,14 @@ Policies ======== +.. warning:: + + JSON formatted policy file is deprecated since Watcher 6.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + Watcher's public API calls may be restricted to certain sets of users using a policy configuration file. This document explains exactly how policies are configured and what they apply to. diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml new file mode 100644 index 000000000..c9c530004 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-3a92379e9f5dd203.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 46235be99..af0db6ad2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,17 +12,17 @@ croniter>=0.3.20 # MIT License os-resource-classes>=0.4.0 oslo.concurrency>=3.26.0 # Apache-2.0 oslo.cache>=1.29.0 # Apache-2.0 -oslo.config>=5.2.0 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 oslo.context>=2.21.0 # Apache-2.0 oslo.db>=4.44.0 # Apache-2.0 oslo.i18n>=3.20.0 # Apache-2.0 oslo.log>=3.37.0 # Apache-2.0 oslo.messaging>=8.1.2 # Apache-2.0 -oslo.policy>=1.34.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 oslo.reports>=1.27.0 # Apache-2.0 oslo.serialization>=2.25.0 # Apache-2.0 oslo.service>=1.30.0 # Apache-2.0 -oslo.upgradecheck>=0.1.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 oslo.utils>=3.36.0 # Apache-2.0 oslo.versionedobjects>=1.32.0 # Apache-2.0 PasteDeploy>=1.5.2 # MIT diff --git a/watcher/cmd/status.py b/watcher/cmd/status.py index 705089d78..bab78cc1d 100644 --- a/watcher/cmd/status.py +++ b/watcher/cmd/status.py @@ -14,6 +14,7 @@ import sys +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from watcher._i18n import _ @@ -43,6 +44,10 @@ class Checks(upgradecheck.UpgradeCommands): _upgrade_checks = ( # Added in Train. (_('Minimum Nova API Version'), _minimum_nova_api_version), + # Added in Wallaby. + (_("Policy File JSON to YAML Migration"), + (common_checks.check_policy_json, {'conf': CONF})), + ) diff --git a/watcher/common/policy.py b/watcher/common/policy.py index d2d12acf4..e9d8a0508 100644 --- a/watcher/common/policy.py +++ b/watcher/common/policy.py @@ -18,6 +18,7 @@ import sys from oslo_config import cfg +from oslo_policy import opts from oslo_policy import policy from watcher.common import exception @@ -26,6 +27,12 @@ from watcher.common import policies _ENFORCER = None CONF = cfg.CONF +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(CONF, DEFAULT_POLICY_FILE) + # we can get a policy enforcer by this init. # oslo policy support change policy rule dynamically. diff --git a/watcher/tests/policy_fixture.py b/watcher/tests/policy_fixture.py index 8a5b4e876..25faf89cb 100644 --- a/watcher/tests/policy_fixture.py +++ b/watcher/tests/policy_fixture.py @@ -30,7 +30,7 @@ class PolicyFixture(fixtures.Fixture): def _setUp(self): self.policy_dir = self.useFixture(fixtures.TempDir()) self.policy_file_name = os.path.join(self.policy_dir.path, - 'policy.json') + 'policy.yaml') with open(self.policy_file_name, 'w') as policy_file: policy_file.write(fake_policy.policy_data) policy_opts.set_defaults(CONF)