[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. Also replace policy.json to policy.yaml ref from doc and tests. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I1248c7356e9a22f0281f12afa8faf5f6aa0f5c8b
2020-12-24 14:42:11 -06:00 · 2020-12-24 14:42:11 -06:00 · 5e22736c7a
parent 1bce9e5890
commit 5e22736c7a
9 changed files with 54 additions and 9 deletions
--- a/doc/source/configuration/policy.rst
+++ b/doc/source/configuration/policy.rst
@ -5,6 +5,14 @@ Policy configuration
 Configuration
 ~~~~~~~~~~~~~

+.. warning::
+
+   JSON formatted policy file is deprecated since Zun 7.0.0 (Wallaby).
+   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
+   JSON-formatted policy file to YAML in a backward-compatible way.
+
+.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
+
 The following is an overview of all available policies in Zun. For a sample
 configuration file.

--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -84,12 +84,12 @@ oslo.i18n==5.0.0
 oslo.log==4.2.0
 oslo.messaging==12.2.0
 oslo.middleware==4.1.0
-oslo.policy==3.2.0
+oslo.policy==3.6.0
 oslo.privsep==2.2.0
 oslo.serialization==3.2.0
 oslo.service==2.2.0
-oslo.upgradecheck==1.1.0
-oslo.utils==4.2.0
+oslo.upgradecheck==1.3.0
+oslo.utils==4.5.0
 oslo.versionedobjects==2.1.0
 oslo.rootwrap==5.8.0
 oslotest==4.4.1
@ -129,7 +129,7 @@ python-neutronclient==7.2.0
 python-subunit==1.4.0
 python-zunclient==4.1.0
 pytz==2020.4
-PyYAML==3.13
+PyYAML==5.1
 repoze.lru==0.7
 requests==2.20.1
 requestsexceptions==1.4.0
--- a/releasenotes/notes/deprecate-json-formatted-policy-file-1c77a54f9a043c25.yaml
+++ b/releasenotes/notes/deprecate-json-formatted-policy-file-1c77a54f9a043c25.yaml
@ -0,0 +1,20 @@
+---
+upgrade:
+  - |
+    The default value of ``[oslo_policy] policy_file`` config option has
+    been changed from ``policy.json`` to ``policy.yaml``.
+    Operators who are utilizing customized or previously generated
+    static policy JSON files (which are not needed by default), should
+    generate new policy files or convert them in YAML format. Use the
+    `oslopolicy-convert-json-to-yaml
+    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
+    tool to convert a JSON to YAML formatted policy file in
+    backward compatible way.
+deprecations:
+  - |
+    Use of JSON policy files was deprecated by the ``oslo.policy`` library
+    during the Victoria development cycle. As a result, this deprecation is
+    being noted in the Wallaby cycle with an anticipated future removal of support
+    by ``oslo.policy``. As such operators will need to convert to YAML policy
+    files. Please see the upgrade notes for details on migration of any
+    custom policy files.
--- a/requirements.txt
+++ b/requirements.txt
@ -6,7 +6,7 @@ cotyledon>=1.5.0 # Apache-2.0
 Flask>=0.12.3 # BSD
 futurist>=1.6.0 # Apache-2.0
 grpcio>=1.25.0 # Apache-2.0
-PyYAML>=3.13 # MIT
+PyYAML>=5.1 # MIT
 eventlet>=0.28.0 # MIT
 WebOb>=1.8.1 # MIT
 alembic>=0.9.8 # MIT
@ -27,16 +27,16 @@ oslo.concurrency>=4.1.0 # Apache-2.0
 oslo.config>=8.1.0 # Apache-2.0
 oslo.messaging>=12.2.0 # Apache-2.0
 oslo.middleware>=4.1.0 # Apache-2.0
-oslo.policy>=3.2.0 # Apache-2.0
+oslo.policy>=3.6.0 # Apache-2.0
 oslo.privsep>=2.2.0 # Apache-2.0
 oslo.serialization>=3.2.0 # Apache-2.0
 oslo.service>=2.2.0 # Apache-2.0
 oslo.versionedobjects>=2.1.0 # Apache-2.0
 oslo.context>=3.1.0 # Apache-2.0
-oslo.utils>=4.2.0 # Apache-2.0
+oslo.utils>=4.5.0 # Apache-2.0
 oslo.db>=8.2.0 # Apache-2.0
 oslo.rootwrap>=5.8.0 # Apache-2.0
-oslo.upgradecheck>=1.1.0 # Apache-2.0
+oslo.upgradecheck>=1.3.0 # Apache-2.0
 os-brick>=3.1.0 # Apache-2.0
 os-resource-classes>=0.1.0 # Apache-2.0
 os-traits>=0.15.0 # Apache-2.0
--- a/setup.cfg
+++ b/setup.cfg
@ -42,7 +42,7 @@ oslo.config.opts =
    zun.conf = zun.conf.opts:list_opts

 oslo.config.opts.defaults =
-    zun = zun.common.config:set_cors_middleware_defaults
+    zun = zun.common.config:set_config_defaults

 oslo.policy.policies =
    zun = zun.common.policies:list_rules
--- a/zun/cmd/status.py
+++ b/zun/cmd/status.py
@ -16,6 +16,7 @@ import os
 import shutil
 import sys

+from oslo_upgradecheck import common_checks
 from oslo_upgradecheck import upgradecheck

 from zun.common.i18n import _
@ -56,6 +57,8 @@ class Checks(upgradecheck.UpgradeCommands):

    _upgrade_checks = (
        (_('Numactl Check'), _numactl_check),
+        (_('Policy File JSON to YAML Migration'),
+         (common_checks.check_policy_json, {'conf': CONF})),
    )


--- a/zun/common/config.py
+++ b/zun/common/config.py
@ -16,6 +16,7 @@
 #    under the License.

 from oslo_middleware import cors
+from oslo_policy import opts

 from zun.common import rpc
 import zun.conf
@ -39,6 +40,11 @@ def set_config_defaults():
    """This method updates all configuration default values."""
    set_cors_middleware_defaults()

+    # TODO(gmann): Remove setting the default value of config policy_file
+    # once oslo_policy change the default value to 'policy.yaml'.
+    # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+    opts.set_defaults(zun.conf.CONF, 'policy.yaml')
+

 def set_cors_middleware_defaults():
    """Update default configuration options for oslo.middleware."""
--- a/zun/common/policy.py
+++ b/zun/common/policy.py
@ -16,6 +16,7 @@
 """Policy Engine For zun."""

 from oslo_log import log as logging
+from oslo_policy import opts
 from oslo_policy import policy
 from oslo_utils import excutils

@ -27,6 +28,12 @@ _ENFORCER = None
 CONF = zun.conf.CONF
 LOG = logging.getLogger(__name__)

+# TODO(gmann): Remove setting the default value of config policy_file
+# once oslo_policy change the default value to 'policy.yaml'.
+# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+DEFAULT_POLICY_FILE = 'policy.yaml'
+opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
+

 # we can get a policy enforcer by this init.
 # oslo policy support change policy rule dynamically.
--- a/zun/tests/policy_fixture.py
+++ b/zun/tests/policy_fixture.py
@ -24,6 +24,7 @@ CONF = zun.conf.CONF
 class PolicyFixture(fixtures.Fixture):

    def _setUp(self):
+        CONF(args=[], project='zun')
        policy_opts.set_defaults(CONF)
        zun_policy._ENFORCER = None
        self.addCleanup(zun_policy.init().clear)