diff --git a/devstack/settings b/devstack/settings index 541d0f7d57..b7be68d03b 100644 --- a/devstack/settings +++ b/devstack/settings @@ -26,7 +26,7 @@ TROVE_API_PASTE_INI=${TROVE_API_PASTE_INI:-${TROVE_CONF_DIR}/api-paste.ini} TROVE_LOCAL_CONF_DIR=${TROVE_LOCAL_CONF_DIR:-${TROVE_DIR}/etc/trove} TROVE_LOCAL_API_PASTE_INI=${TROVE_LOCAL_API_PASTE_INI:-${TROVE_LOCAL_CONF_DIR}/api-paste.ini} -TROVE_LOCAL_POLICY_JSON=${TROVE_LOCAL_POLICY_JSON:-${TROVE_LOCAL_CONF_DIR}/policy.json} +TROVE_LOCAL_POLICY_JSON=${TROVE_LOCAL_POLICY_JSON:-${TROVE_LOCAL_CONF_DIR}/policy.yaml} TROVE_IMAGE_OS=${TROVE_IMAGE_OS:-"ubuntu"} TROVE_IMAGE_OS_RELEASE=${TROVE_IMAGE_OS_RELEASE:-"bionic"} diff --git a/doc/source/admin/run_trove_in_production.rst b/doc/source/admin/run_trove_in_production.rst index 5cfde6b3eb..94bbce24c4 100644 --- a/doc/source/admin/run_trove_in_production.rst +++ b/doc/source/admin/run_trove_in_production.rst @@ -257,11 +257,19 @@ database group ``mysql+pymysql://root:password@127.0.0.1/trove?charset=utf8`` The cloud administrator also needs to provide a policy file -``/etc/trove/policy.json`` if the default API access policies don't satisfy the +``/etc/trove/policy.yaml`` if the default API access policies don't satisfy the requirement. To generate a sample policy file with all the default policies, run ``tox -egenpolicy`` in the repo folder and the new file will be located in ``etc/trove/policy.yaml.sample``. +.. warning:: + + JSON formatted policy file is deprecated since Trove 15.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + Initialize Trove Database ~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/etc/trove/README-policy.generated.md b/etc/trove/README-policy.generated.md index 1c8f0cfdd5..7baf433de0 100644 --- a/etc/trove/README-policy.generated.md +++ b/etc/trove/README-policy.generated.md @@ -12,7 +12,7 @@ Use customized policy file As Trove uses policy in code now, it's not necessary to add a policy file for Trove components to run. But when a customized policy is needed, Trove will -take ``/etc/trove/policy.json`` by default. The location of the policy file +take ``/etc/trove/policy.yaml`` by default. The location of the policy file can also be overridden by adding following lines in Trove config file: [oslo_policy] diff --git a/lower-constraints.txt b/lower-constraints.txt index 178c606fa0..fcc70cb9f6 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -73,18 +73,18 @@ os-service-types==1.2.0 osc-lib==1.10.0 oslo.cache==1.29.0 oslo.concurrency==3.26.0 -oslo.config==5.2.0 -oslo.context==2.19.2 +oslo.config==6.8.0 +oslo.context==2.22.0 oslo.db==4.27.0 oslo.i18n==3.15.3 oslo.log==3.36.0 oslo.messaging==5.29.0 oslo.middleware==3.31.0 -oslo.policy==1.30.0 +oslo.policy==3.6.0 oslo.serialization==2.18.0 oslo.service==1.24.0 -oslo.upgradecheck==0.1.0 -oslo.utils==3.33.0 +oslo.upgradecheck==1.3.0 +oslo.utils==3.40.0 oslotest==3.2.0 osprofiler==1.4.0 packaging==17.1 @@ -124,14 +124,14 @@ python-subunit==1.2.0 python-swiftclient==3.2.0 python-troveclient==2.2.0 pytz==2018.3 -PyYAML==3.12 +PyYAML==5.1 redis==2.10.0 reno==3.1.0 repoze.lru==0.7 -requests==2.18.4 +requests==2.20.0 requestsexceptions==1.4.0 restructuredtext-lint==1.1.3 -rfc3986==1.1.0 +rfc3986==1.2.0 Routes==2.3.1 semantic-version==2.7.0 simplejson==3.13.2 diff --git a/releasenotes/notes/wallaby-deprecate-json-formatted-policy-file-21c88ff2ad490a2e.yaml b/releasenotes/notes/wallaby-deprecate-json-formatted-policy-file-21c88ff2ad490a2e.yaml new file mode 100644 index 0000000000..c9c5300045 --- /dev/null +++ b/releasenotes/notes/wallaby-deprecate-json-formatted-policy-file-21c88ff2ad490a2e.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 7738bcfc50..33bd3e83db 100644 --- a/requirements.txt +++ b/requirements.txt @@ -27,14 +27,14 @@ iso8601>=0.1.11 # MIT jsonschema>=3.2.0 # MIT Jinja2>=2.10 # BSD License (3 clause) pexpect!=3.3,>=3.1 # ISC License -oslo.config>=5.2.0 # Apache-2.0 -oslo.context>=2.19.2 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 +oslo.context>=2.22.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 oslo.middleware>=3.31.0 # Apache-2.0 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 -oslo.upgradecheck>=0.1.0 # Apache-2.0 -oslo.utils>=3.33.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 +oslo.utils>=3.40.0 # Apache-2.0 oslo.concurrency>=3.26.0 # Apache-2.0 PyMySQL>=0.7.6 # MIT License stevedore>=1.20.0 # Apache-2.0 @@ -44,7 +44,7 @@ oslo.log>=3.36.0 # Apache-2.0 oslo.db>=4.27.0 # Apache-2.0 xmltodict>=0.10.1 # MIT cryptography>=2.1.4 # BSD/Apache-2.0 -oslo.policy>=1.30.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2 # Apache-2.0 docker>=4.2.0 # Apache-2.0 psycopg2-binary>=2.6.2 # LGPL/ZPL diff --git a/trove/cmd/status.py b/trove/cmd/status.py index c17bcff8ab..275f0e6268 100644 --- a/trove/cmd/status.py +++ b/trove/cmd/status.py @@ -15,6 +15,7 @@ import sys from oslo_config import cfg +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from trove.common.i18n import _ @@ -62,6 +63,8 @@ class Checks(upgradecheck.UpgradeCommands): _upgrade_checks = ( (_("instances_with_running_tasks"), _check_instances_with_running_tasks), + (_('policy File JSON to YAML Migration'), + (common_checks.check_policy_json, {'conf': cfg.CONF})), ) diff --git a/trove/common/policy.py b/trove/common/policy.py index e9a8ca96bd..12d8e9a511 100644 --- a/trove/common/policy.py +++ b/trove/common/policy.py @@ -15,6 +15,7 @@ from oslo_config import cfg +from oslo_policy import opts from oslo_policy import policy from trove.common import exception as trove_exceptions @@ -23,6 +24,12 @@ from trove.common import policies CONF = cfg.CONF _ENFORCER = None +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(CONF, DEFAULT_POLICY_FILE) + def get_enforcer(): global _ENFORCER